Critical vulnerability could be used to exploit JavaScript engine in popular Reader application
Adobe today fixed a major security hole in Adobe Reader that lets an attacker take control of a user's machine when he or she opens or downloads a PDF file.
The overflow vulnerability can be triggered through JavaScript features in Adobe Reader 8.1 and earlier versions. This isn't the first such critical bug found in Reader, says Ivan Arce, CTO of Core Security Technologies, which discovered the flaw, but it's a major one.
"JavaScript content may trigger the vulnerability and let an attacker control the system," Arce says.
Core researchers discovered the vulnerability while studying a similar flaw in a different PDF viewing application, Foxit Reader. Arce says the bug demonstrates how multiple vendors can have similar flaws in their applications. Core reported its finding to Adobe in May after discovering the vulnerability.
Aside from the patch, Reader users can either disable JavaScript in the application or upgrade to the newest version of Reader, Version 9, which does not contain the vulnerability, Arce notes.