I figured it would happen eventually, but not quite so soon. It appears that Adobe Reader is suffering from at least two more zero-day vulnerabilities – less than two months after the JBIG2 vulnerability.\u00a0 Here’s the low-down.<\/p>\n
All currently supported shipping versions of Adobe Reader and Acrobat (9.1, 8.1.4, and 7.1.1 and Many people made this recommendation when the last vulnerability was uncovered (jbig2 vulnerability<\/a>), but it just seems to be louder this time; find an alternative reader to the Adobe Reader product.\u00a0 If you need an idea for what is available out there, take a look at PDFreaders.org<\/a>.\u00a0 I know that I have made the recommendation where I work, but it might not be that easy.\u00a0 Corporations sometimes will rely heavyly on Adobe Reader to view custom business forms that are used on a daily basis with customers.\u00a0 That reliance will often show itself in the in-house applications that make calls directly to the Adobe DLL.<\/p>\n
\nearlier versions) are vulnerable to this issue. Adobe plans to provide updates for all affected versions
\nfor all platforms (Windows, Macintosh and UNIX) to resolve this issue.\u00a0 The vulnerabilities are in the JavaScript engine of the Adobe products.\u00a0 This, by the way, affects both Adobe Reader and Adobe Acrobat.\u00a0 The vulnerabilities exist in two JavaScript functions; getAnnots()<\/strong> and spell.customDictionaryOpen()<\/strong> and both allow remote code execution.\u00a0 One way to protect yourself is to disable JavaScript – see the simple instructions from F-Secure<\/a>.
\n<\/span><\/p>\n