Adobe’s Reader Struck by Latest Zero-Day Bug

Adobe Systems Inc. confirmed on April 28, 2009 that the company is currently investigating the reports of its famous Adobe Reader containing a critical flaw. According to security researchers, the latest flaw is yet another addition to the long list of flaws in Adobe's execution of JavaScript.

The vulnerability was exposed on SecurityFocus site for the first time. The site also posted a URL to the proof-of-concept attack code. A cybercriminal can abuse this vulnerability to run malicious codes as the user runs the application, according to the site.

SecurityFocus highlighted that Adobe's most updated versions, Reader 8.1.4 and Reader 9.1, are susceptible to the vulnerability. Linux versions are certainly having the flaw while other platforms' versions for which the reader is provided by Adobe, like Mac and Windows, are also expected to be at risk.

In the meantime, some security researchers stated that information regarding reader's latest zero-day flaw remains largely unclear, except that it is based on JavaScript. Besides, for past sometime, Adobe Reader has been lacking in security. So, it's better for users to opt for other PDF reader to evade potential cyber attacks.

It is noteworthy that Adobe is having a long history of problems related to the execution of JavaScript. It was 2008 only when the company suffered from apparently an epidemic of JavaScript flaws.

Giving out the ways to avoid falling victim of the potential malicious attack, Adobe researchers stated that the best way is to disable the JavaScript. This includes unchecking "Enable Acrobat JavaScript" that comes under Preference tab and then clicking on the OK button. In its blog, the company said that security vendors have been communicated about the flaw.

Adobe assured of releasing an update but only after it gets more details of the latest vulnerability, as reported by SCMAGAZINE on April 28, 2009.

Earlier in 2009, another PDF vulnerability was faced by Adobe that was being actively used in launching cyber assaults and took weeks to the leading software companies to patch it. Some criticized Adobe for late exposure of the flaw and the corresponding sluggish fix, whereas some others laid stress on using other options like Foxit.

Related article: Adobe Rates Acrobat Vulnerabilities “Critical”

» SPAMfighter News - 5/9/2009