Back in May we first discussed the vulnerability in Adobe Reader. Once again, an issue has cropped up. I ask the question again, why doesn't Adobe release a standard verison of the reader without Javascript? Sure, it would disable some forms, but the bulk of users in the world want to read documents safely and not use forms. They could certainly have a Premium Reader with Javascript support for those people that need it.
Here is the statement from them, "Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Adobe recommends customers follow the mitigation guidance below until a patch is available.
Adobe plans to make available an update to Adobe Reader and Acrobat by January 12, 2010 to resolve the issue."
Here is a link to the security advisory.
No comments:
Post a Comment