In association with heise online

05 May 2009, 14:41

Adobe to close Acrobat and Reader holes on May 12

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Adobe plans to release a security update for Adobe Reader and Acrobat on the 12th of May. The update will remove the recently announced critical buffer overflow in the JavaScript function getAnnots(). Attackers could prepare PDF documents which could crash either application and potentially allow them to take control of the affected system. The updates will be available for Windows versions 7.x, 8.x, 9.x and UNIX and Mac versions 8.x and 9.x of Adobe Reader and Acrobat.

The update of the UNIX version will also close a second hole in the JavaScript functionality where the customDictionaryOpen method can be manipulated to cause a denial of service or execute arbitrary code. Until the release of the updates, Adobe recommends disabling the processing of JavaScript in its products by selecting Edit/Preferences/JavaScript and un-checking the "Enable Acrobat JavaScript" option.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit