Thursday, April 30, 2009

Adobe confirms new flaw, recommends turning off JavaScript

Adobe confirms new flaw, recommends turning off JavaScript - SC Magazine US

Note that this is only the Acrobat JavaScript functionality; you don't need to do it system-wide. However, this also makes it pretty tough in a large (i.e. more than 20 workstations) environment unless you're going to roll out a customized version of Acrobat. I'd suggest telling your user base not to open any PDFs from the web until this is fixed.

I found this an interesting quote:
"This is not the first time that critical vulnerabilities have been found in Adobe's software," Sophos' Graham Cluley said on Wednesday on his blog. "And there is growing concern that the vendor's dominant market share of the PDF reader market is proving extremely attractive for hackers hellbent on infecting as many PCs as possible."

It is very true. Could Adobe be the next big target? The advantage to hackers is that most Adobe products are cross-platform and therefore have the potential to create a lot more havoc. If nothing else, however, it will hopefully get Adobe to shape up and be a little better at dealing with this kind of thing. For all their flaws, Microsoft's reporting of vulnerabilities and patching timelines only improved as their products became significant targets.

Here is Adobe's official response:
Adobe PSIRT
