« Frightening New "Man-in-the-Middle" Phishing Scam | Main | Microsoft Office Helping Spread Bot-Nets »

Adobe has confirmed findings that their popular .pdf viewer has serious flaws. Users of Adobe Reader (aren't we all?) are recommended they update their reader promptly.

"Adobe is aware of the recent cross-site scripting vulnerability in versions 7.0.8 and earlier of Adobe Reader and Adobe Acrobat that could allow remote attackers to inject arbitrary JavaScript into a browser session," Adobe said in an emailed statement. "This is not a vulnerability in .pdf. Specifically, this issue could occur when a user clicks on a malicious link to a .pdf on the Web."

The latest version fixes the flaws,. Adobe said they would release patches sometime next week to correct older versions.

This flagrant vulnerability was discovered by Stefano Di Paola and Giorgio Fedon, who warned that hackers could launch cross-site scripting attacks to do a variety of damage. Adobe Reader's dominance of the market adds considerable urgency for the need to get the message out.

According to researchers, the problem is how Adobe instructs the browser to handle .pdf files. Both Firefox and IE are especially vulnerable.

The flaws affect Adobe Reader 6.0.1 for Windows via Internet Explorer 6 and version 7.0.8 for Windows via Firefox 2.0.0.1. Other versions may also be affected. Though Adobe has fixed the security holes in version 8.0.0, experts worry that many users will be slow to upgrade, leaving themselves open to an easy attack. Adobe sought to raise awareness with its advisory yesterday.

Also, one should always be weary about opening up attachments from an unknown sender. The upgrade to Adobe Reader 8 can be found here.

Posted by pschooff in Better Protection |Digg This|Add to del.icio.us

Trackback Pings

TrackBack URL for this entry:
http://www.ebizq.net/mt/mt-tb.cgi/1145

Posted by: Richard at January 16, 2007 07:01 PM