Adobe Reader 9.3 addresses critical JavaScript security issue

Last month, a serious and potentially easily exploitable vulnerability was found in a JavaScript API call, DocMedia.NewPlayer: an intentionally crafted PDF file could invoke the call, deallocate the memory allocated when the media player is generated, and then execute the code in that deallocated memory, without need for privilege. Adobe Reader 9.3 addresses this issue.

Adobe is busy working on non-improvised means for improving its platform users' security long-term. Beta testers are working on a potential update to today's update: a new version of Reader that replaces its current updating mechanism. Today, Reader automatically checks for updates whenever it starts. According to Kyle Randolph, testers are examining the efficacy of an always-resident mechanism instead -- something that could silently update Reader and Acrobat (and perhaps Flash as well) in the background. “The new updater improves the user experience and helps users stay up to date with the new option of receiving security updates automatically, via background updates, which have been shown to have better patch adoption,” Randolph wrote.