Apple: Adobe fixes an epidemic of Javascript vulnerabilities; Security patch available for Mac and Windows users
If you’ve been wondering when Adobe would release a security patch for Adobe Acrobat and Adobe Reader your wait is over. Recently Adobe released a patch fixes a security hole for Mac and Windows users.
“A critical vulnerability has been identified in Adobe Reader and Acrobat 8.1.2 and earlier versions,” said the Adobe alert posted on Monday, June 23. “This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system.”
Adobe said the security fix plugs an input validation hole in Reader’s and Acrobats use of Javascript.
The last security patch that Adobe released was this past February. Adobe updated both Adobe Acrobat, and Adobe Reader to Version 8.1.2. The update patched almost 30 problems. Adobe received a lot of criticism with that update. Users complained because no explanation was given to what was fixed and why? Adobe’s lack of feedback sounds a lot like many of the Apple’s updates that roll out. Not too much information is given about issues that have been fixed which have annoyed many Mac users, including myself. Days after the fix Adobe users had another reason to complain there were JavaScript bugs. Apparently, hackers had exploited these bugs; thousands of users were affected.
“Adobe has an epidemic with regards to JavaScript,” said Andrew Storms, director of security operations at nCircle Network Security Inc., in an e-mail this morning. “With this many JavaScript bugs in Acrobat, one begins to ask questions. Why would a full, thick application like Acrobat need to be using JavaScript, especially when JavaScript in the browser has historically been a target for hackers? And since JavaScript has been a target for so many years, why hasn’t Adobe flushed out these vulnerabilities already?”
Many people have questioned why a large application like Adobe is even using JavaScript. Historically JavaScript has been the target of hackers. Some have questioned why Adobe wasn’t able to eliminate this problem years ago.
If you are using versions 8.0 through 8.1.2 for both Reader and Acrobat you are affected. You need to log onto the Adobe website and download the security update. Users of Acrobat 7.1.0 don’t meed the update since it doesn’t contain the bug. However if you are using 7.0.9 or earlier it Adobe has advised users to update to 7.1.0.
Related Posts:
