Wednesday, February 25, 2009

Acrobat misses.. Foxit to the rescue

Just read that there is a vulnerability in Adobe Acrobat.. ..after much digging, I finally found this:


A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

above is from : http://www.adobe.com/support/security/advisories/apsa09-01.html

There are patches on the way, but a partial solution is to turn off javascript in Adobe reader & acrobat. It's only partial because someone has been able to reproduce the vulnerability without utilizing javascript.. so turning it off is only a stopgap measure.

I'm sooooooooooo glad I ditched Acrobat reader a long time ago and only use foxit now.

More sites of related interest:

http://secunia.com/blog/44/


http://blogs.zdnet.com/security/?p=2690

http://blog.metasploit.com/2009/02/best-defense-is-information.html

No comments: