Adobe Releases Security Update for Acrobat Vulnerabilities
By Kevin Fayle, FindLaw
In response to the discovery of a security flaw in Adobe Acrobat and Acrobat Reader, Adobe has released updates to older versions of the popular PDF viewing and editing software. The new updates, which are available as full installation packages rather than patches, should prevent malicious programmers from taking control of users' machines, according to the company.
The security flaw, a cross-site scripting (XSS) vulnerability, allowed malicious web programmers to inject JavaScript code into Acrobat Reader by manipulating links to trusted PDF files. Exploitation required the end user to click on a manipulated link, but once triggered, the flaw could allow an intruder to access data or gain control of the user's computer.
Adobe recommends that all users of the Acrobat and Acrobat Reader software upgrade to version 8, which does not contain the XSS vulnerability. For users who aren't able to upgrade, however, the new updates to Acrobat and Acrobat Reader 6 and 7 will plug the security hole. Instructions for downloading the updates are available here.
Adobe also released workarounds for website operators who wish to prevent any XSS attacks before they reach the end user. The company has posted those instructions here.
© 2007 FindLaw
