Critical JavaScript exploit in Adobe Acrobat

Computer researchers at Johns Hopkins University have discovered a critical flaw in the most recent version of Adobe's Reader and Acrobat software applications that could allow hackers to take control of vulnerable systems. Adobe recommends that affected users update their installations, according to an Adobe advisory. There are reports that the exploit is in the wild, which both Adobe and security firm Secunia appear to be taking seriously.

The problem affects Acrobat and Reader versions 7.0.9 and earlier, as well as versions 8.0 through 8.1.2. Adobe disclosed the vulnerability on Monday in conjunction with the release of a security update for the current version, which is 8.1.2. Users of version 7.1 are not affected by the vulnerability, and Adobe says Acrobat and Reader 9, which are due out in July, are also immune.

According to a security bulletin by SecurityFocus, user input is not sanitized correctly. Essentially, an attacker could launch code remotely, which would in turn allow him to take control of an affected system.

More specifically, the problem is related to an input validation issue with JavaScript usage in either product. Indeed, JavaScript can be embedded in PDF files, so a JavaScript problem need not necessarily be browser-based.
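Because the script travels inside the document itself, a first triage step is to check whether a PDF declares any JavaScript at all. The following is an added example, not code from Adobe, SecurityFocus or the original article: the watched names, function names and sample byte strings are assumptions made for this illustration. It decodes `#xx` hex escapes in PDF names before matching.

```python
import re

# A PDF name is "/" followed by regular characters; "#xx" is a hex escape that
# must be decoded before comparison (/J#61vaScript is the same as /JavaScript).
NAME_RE = re.compile(rb"/((?:#[0-9A-Fa-f]{2}|[^\x00\t\n\f\r ()<>\[\]{}/%#])+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Names chosen for this example: script actions plus automatic triggers.
WATCHED = (b"JavaScript", b"JS", b"OpenAction", b"AA")

def decode_name(raw: bytes) -> bytes:
    """Resolve #xx escapes so obfuscated spellings compare equal."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def scan_pdf(data: bytes) -> dict:
    """Count occurrences of each watched name in the raw bytes of a PDF."""
    counts = {name.decode(): 0 for name in WATCHED}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in WATCHED:
            counts[name.decode()] += 1
    return counts

def has_javascript(data: bytes) -> bool:
    """True when the file declares a JavaScript action or a /JS entry."""
    counts = scan_pdf(data)
    return counts["JavaScript"] > 0 or counts["JS"] > 0

# Constructed samples (not real documents): one plain catalog, one with a
# script action whose name is partly hex-escaped and that runs on open.
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_JS = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS (var x = 1;) >>\nendobj\n"
)

if __name__ == "__main__":
    for label, sample in (("plain", SAMPLE_PLAIN), ("script", SAMPLE_JS)):
        print(label, has_javascript(sample), scan_pdf(sample))
```

A byte-level scan like this cannot see names stored inside compressed object streams, so a clean result is a reason to continue with a full PDF parser rather than proof that the file carries no script.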

Source: BetaNews