We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Critical patches for Adobe Reader & Acrobat

Adobe to issue fixes for dangerous vulnerabilities

Adobe will issue patches next week for older versions of its Reader and Acrobat Reader software, which contain a dangerous vulnerability that could be used for phishing attacks or to remotely access files on a computer.

The problem affects versions 7.0.8 and earlier of the Acrobat and Reader programs. Adobe is telling users of those versions to disable the Acrobat and Reader plug-in in their web browser until the patches are issued.

Since the problem became public, Adobe has also been encouraging customers to upgrade to Reader 8, the latest version of its program, which is not affected by the vulnerability.

Some users can't upgrade to the new version, however, so Adobe will issue the patches for those users next week, said Adobe spokeswoman Meredith Mills.

Security experts warned that the cross-site scripting vulnerability could let an attacker run arbitrary JavaScript code on a targeted machine by linking to a PDF file on the machine.

In a phishing attack, for example, a hacker could add JavaScript to a URL (uniform resource locator) that links to a PDF document on a site. If the link is opened, the JavaScript would run, inserting a form soliciting the user's password at a banking site, with the information transferred back to the hacker.

Adobe is also warning users to exercise caution when clicking on untrusted links, since those links could be manipulated to run an exploit.

Security vendor Websense wrote on Thursday that an attacker could also gain access to files on a machine.

Exploits will apparently only work with certain combinations of web browsers and Adobe software, but Adobe did not specify which combinations.

Symantec wrote in its blog that the vulnerability affects the Firefox web browser. Further tests showed that users running a combination of Internet Explorer (IE) 6 and Adobe Reader 7 on Windows XP Service Pack 1, and Internet Explorer 6 and Adobe Reader 4 on Windows XP Service Pack 2, are also vulnerable, Symantec wrote.


IDG UK Sites

LG G4 review: Great price and camera but misses the mark in other areas

IDG UK Sites

Why Scottish Tablet is better than the iPad mini

IDG UK Sites

How to develop for Microsoft's HoloLens

IDG UK Sites

Apple MacBook 1.1 GHz review (Retina, 12-inch, Early 2015): The future of Apple laptops