Adobe has since confirmed the flaw in Adobe Reader versions 9.1 and 8.1.4, acknowledging in a blog post that "all currently supported shipping versions of Adobe Reader and Acrobat Reader are vulnerable to this issue."
In addition, Adobe Reader 8.1.4 and 9.1 for Linux may also be affected by the vulnerability, according to SecurityFocus.com.
If exploited, the flaw could allow remote attackers to launch a denial of service attack, crash an application, or take control of a system in order to view accounts and steal information.
Adobe said that it was currently investigating the flaw, and planned to provide security updates for all affected versions of Windows, Mac and Unix to resolve the issue.
"We are working on a development schedule for these updates and will post a time line as soon as possible," Adobe said. So far, there are no known "in the wild" attacks exploiting the vulnerability, Adobe added.
Reports indicate that the vulnerability is the result of an error in the "getAnnots" JavaScript function, according to US-CERT. To mitigate the risk, the federal agency recommends that users disable JavaScript in Adobe Reader. To do so, users are advised to open Edit > Preferences, select the JavaScript category, and uncheck the "Enable Acrobat JavaScript" option.
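As an added triage example (not from the article, Adobe or US-CERT): alongside disabling JavaScript, a mail or file gateway can flag PDFs whose embedded script references getAnnots until updates ship. The function names, verdict labels and sample inputs are constructed for illustration, and a "pass" only means no script was seen in plain or Flate-encoded form.

```python
import re
import zlib

HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")   # PDF names may be written /J#61vaScript
JS_NAME = re.compile(rb"/(?:JavaScript|JS)\b")    # keys that attach script to a document
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
FLAGGED_CALL = b"getAnnots"                       # function named in the US-CERT report


def decode_names(data: bytes) -> bytes:
    """Undo #xx escapes so obfuscated name tokens compare equal to plain ones."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> list:
    """Return each stream body, inflated when it is Flate-compressed."""
    bodies = []
    for match in STREAM.finditer(data):
        raw = match.group(1)
        try:
            # decompressobj tolerates the end-of-line bytes before 'endstream'
            bodies.append(zlib.decompressobj().decompress(raw))
        except zlib.error:
            bodies.append(raw)  # not Flate data; keep the bytes as stored
    return bodies


def triage_pdf(data: bytes) -> str:
    """'hold' = script referencing getAnnots, 'review' = any script, 'pass' = none seen."""
    views = [decode_names(data)] + inflate_streams(data)
    has_script = any(JS_NAME.search(v) for v in views)
    calls_flagged = any(FLAGGED_CALL in v for v in views)
    if has_script and calls_flagged:
        return "hold"
    return "review" if has_script else "pass"


def make_sample(script: bytes) -> bytes:
    """Constructed minimal PDF-like input: escaped /JS keys and a Flate stream."""
    body = zlib.compress(script)
    return (b"%PDF-1.4\n1 0 obj\n<< /S /J#61vaScript /J#53 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< /Filter /FlateDecode /Length " + str(len(body)).encode()
            + b" >>\nstream\n" + body + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    for script in (b"var a = this.getAnnots();", b"app.alert('hi');"):
        print(script, "->", triage_pdf(make_sample(script)))
```

Scripts hidden behind other stream filters or string obfuscation will not match, so files marked "review" still warrant inspection.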
The security advisory comes just a month after Adobe issued a fix in March, repairing a cross-platform vulnerability in Adobe Reader 9 and Acrobat Reader 9, as well as earlier versions, found to be actively exploited in the wild. Attackers exploiting the vulnerability were able to crash the application or take complete control of an affected system for identity-theft purposes.
Adobe upgraded users to Adobe Reader 9.1 and Acrobat Reader 9.1 for all platforms and Adobe Reader 8.1.4 for Unix at the end of March.
