Adobe Set To Patch Acrobat Reader Flaw Next Week

In response to the newest zero-day bug that has been noticed in its popular Adobe Reader software, Adobe has announced that it will release a security update by next Tuesday to fix the vulnerability.

The fix is expected to contain the vulnerability that relates to the implementation of JavaScript in Adobe’s Reader and Acrobat application.

The bug could potentially allow an attacker to prepare malicious PDF documents for the execution of arbitrary code and by doing so he can take control over the affected system easily.

Since the fix only be available on next Tuesday, the newest flaw would still have a window of 14 days to be exploited. Taking note of the risk, Adobe has urgently asked users to disable JavaScript in both the products and users can unselect the JavaScript option, given under the ‘Preference’ menu of ‘Edit’ function to ensure safety

Expressing his views on the vulnerability, David Lenoe, the security program manager at Adobe mentioned “We have confirmed the second vulnerability (CVE-2009-1493) for Adobe Reader for Unix and this issue will be resolved in the upcoming Adobe Reader for Unix updates. Currently, we have not been able to reproduce an exploitable scenario for Windows and Macintosh, but we will continue to investigate."

You can follow ITProPortal.com on Twitter @itproportal.

Our Comments

This is a zero-day bug which means that it has a much higher level of threat and users could potentially use another PDF reader like Foxit Reader until Adobe solves the issue. Acrobat, like Flash, is one of the most used applications in the world which makes it a very tasty target for hackers and cybercriminals. PDF spam might be a thing of the past but for the next few weeks, take care about using Acrobat.

Related Links

Adobe promises patch for zero-day PDF bug by next Tuesday

(Reuters)

Adobe to close Acrobat and Reader holes on May 12

(The H Security)

Adobe Promises Fixes for Latest Flaws by Next Week

(PC World)

Adobe promises fixes for recent PDF flaws early next week

(The Tech Herald)

Adobe Announces Acrobat, Reader Fix

(PCMag.com)

Adobe PDF vulnerability fix slated for May 12

(S C Magazine)