Slashdot Mirror


Adobe Confirms PDF Zero-Day, Says Kill JavaScript

CWmike writes "Adobe Systems has acknowledged that all versions of its Adobe Reader, including editions for Windows, the Mac and Linux, contain at least one, and possibly two, critical vulnerabilities. 'All currently supported shipping versions of Adobe Reader and Acrobat, [Versions] 9.1, 8.1.4 and 7.1.1 and earlier, are vulnerable to this issue,' Adobe's David Lenoe said in a blog entry yesterday. He was referring to a bug in Adobe's implementation of JavaScript that went public early Tuesday. A 'Bugtraq ID,' or BID number, has been assigned to a second JavaScript vulnerability in Adobe's Reader. Proof-of-concept attack code for both bugs has already been published on the Web. Adobe said it will patch Reader and Acrobat, but Lenoe offered no timetable for the fixes. In lieu of a patch, Lenoe recommended that users disable JavaScript in the apps. Andrew Storms, director of security operations at nCircle Network Security, said of the suggestion in lieu of patches, 'Unfortunately, for Adobe, disabling JavaScript is a broken record, [and] similar to what we've seen in the past with Microsoft on ActiveX bugs.'"

3 of 211 comments

  1. Why do PDF readers need Javascript? by serutan · Score: 5, Funny

    Having never handled PDF documents except to read them, I wasn't even aware they could contain Javascript. I don't understand why they need to. Jeez, are we going to get to the point where it's not safe to go to the bathroom because the toilet can execute Javascript?

    1. Re: Why do PDF readers need Javascript? by Red Flayer · Score: 5, Funny

      Jeez, are we going to get to the point where it's not safe to go to the bathroom because the toilet can execute Javascript?

      That didn't sound so bad. Until I thought about stack overflow vulnerabilities.

      --
      "Trolls they were, but filled with the evil will of their master: a fell race..." -- J.R.R. Tolkien on Olog-hai
  2. Re: Ditch Acrobat... by OakDragon · Score: 4, Funny

    Adobe is really slow about security patches on Acrobat.

    Have you updated the Adobe Updater? Perhaps what we need is an updater to update the Adobe Updater.