Critical vulnerability in Adobe Reader
by Davey Winder   
Wednesday, 05 November 2008
A vulnerability in Foxit Reader that was disclosed back in May was thought not to be exploitable within Adobe Reader. New research proves otherwise.

Core Security Technologies, a provider of proactive enterprise security testing solutions, has today issued a security advisory disclosing a critical vulnerability that has the potential to impact millions of users, both individuals and businesses, who rely upon the Adobe Reader PDF-file browsing software.

While investigating the feasibility of exploiting a vulnerability previously disclosed in Foxit Reader by Dyon Balding from Secunia Research on May 20th 2008, engineers from CoreLab (the research arm of Core Security) have discovered that Adobe Reader is affected by the same bug.

Arguably the world’s most ubiquitous electronic document sharing application, Adobe Reader is used to view, search, digitally sign, verify, print, and collaborate on Adobe PDF files. It also, of course, contains the necessary scripting functionality to enable extended customization.

The CoreLab engineers found that Adobe Reader could be exploited to gain access to vulnerable systems using a specially crafted PDF file containing the inevitable malicious JavaScript content. CoreLabs alerted Adobe to the vulnerability immediately, and both have been working to coordinate patch creation efforts.

Successful exploitation requires a user to open the maliciously crafted PDF file, which in turn allows the attacker to gain access to vulnerable systems, assuming the privileges of a user running Acrobat Reader.

“As with many of today’s ubiquitous client side applications, the sheer complexity of Adobe Reader creates a broad surface for potential vulnerabilities and, in this case, Adobe’s inclusion of a fully-fledged JavaScript engine introduces the same types of implementation bugs commonly found in such sophisticated client side programs,” said Ivan Arce, CTO at Core Security Technologies.

It isn't the first exploit to impact upon Adobe users, nor will it be the last.

However, Adobe has issued a security update that addresses the vulnerable version 8.1.2 of Reader. Adobe Reader version 9, which was released in June 2008, is not vulnerable to the reported problem.