By Aharon Etengoff, April 28, 2009
A new Adobe Reader vulnerability has reportedly been discovered. According to US-CERT (US Computer Emergency Readiness Team), the vulnerability is due to an error in the "getAnnots()" JavaScript function. "Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code," warned a post on the US-CERT homepage. The post also recommended disabling JavaScript in Adobe Reader to help "mitigate" the risk. Adobe confirmed that it was aware of the new "getAnnots()" report. "We are currently investigating, and will have an update once we get more information," Adobe said on its blog. It should be noted that F-Secure's chief research officer, Mikko Hypponen, recently recommended that users uninstall Adobe Reader in favor of a more secure PDF viewer. Hypponen explained that at least six vulnerabilities targeting Adobe's PDF reader have been found.
Read more here -->Link
No comments:
Post a Comment