1

The bad guys of the IT business are always looking for the most effective ways to infect the innocent Internet user, and increasingly that means turning to commonly used web browser plug-ins such as Flash or PDF readers. A couple of years ago we were reporting critical vulnerabilities for all Adobe Flash platforms, and towards the end of last year there were reports of a critical vulnerability in Adobe Reader. Cue Jaws soundtrack: just when you thought it was safe to go back in the Adobe PDF water.

According to an official Adobe security warning "All currently supported shipping versions of Adobe Reader and Acrobat (Adobe Reader and Acrobat 9.1, 8.1.4, and 7.1.1 and earlier versions) are vulnerable" to another zero-day JavaScript vulnerability. That's all shipping versions on all platforms, including Mac and Unix users.

Adobe says that it "plans to provide updates for all affected versions for all platforms to resolve this issue" although it cannot currently say how long this will take other than to confirm it is "working on a development schedule for these updates and will post a timeline as soon as possible."

So what should you do in the meantime? Adobe recommends that in order to mitigate the issue, JavaScript should be immediately disabled in both Adobe Reader and Acrobat. Alternatively you could, of course, find another application for your Flash and PDF requirements which is less popular and not so attractive to the bad guys.

As Graham Cluley, senior technology consultant with security outfit Sophos says: "this is far from the first time that critical vulnerabilities have been found in Adobe's software, and there is growing concern that the vendor's dominant market share of the PDF reader market is proving extremely attractive for hackers hellbent on infecting as many PCs as possible."

That said, Adobe's track record is not as poor as, for example, Internet Explorer or even Windows itself when it comes to being a hit target for security exploits. As Mozilla has discovered, when lots of people move to your product it simply shifts some of that bad guy focus to your product.

As Editorial Director and Managing Analyst with IT Security Thing I am putting more than two decades of consulting experience into providing opinionated insight regarding the security threat landscape for IT security professionals. As an Editorial Fellow with Dennis Publishing, I bring more than two decades of writing experience across the technology industry into publications such as Alphr, IT Pro and (in good old fashioned print) PC Pro. I also write for SC Magazine UK and Infosecurity, as well as The Times and Sunday Times newspapers. Along the way I have been honoured with a Technology Journalist of the Year award, and three Information Security Journalist of the Year awards. Most humbling, though, was the Enigma Award for 'lifetime contribution to IT security journalism' bestowed on me in 2011.

2
Contributors
1
Reply
3
Views
8 Years
Discussion Span
Last Post by rapper2
0

Adobe should have been left behind long ago. Their applications are much larger than needed, overlap functions - and generally attempt to take over a users computer, somewhat like a company from Redmond WA.

The Adobe of Illustrator and Photoshop early editions hasn't been around for a long time. Since John Warnock left, as a matter of fact.

Have something to contribute to this discussion? Please be thoughtful, detailed and courteous, and be sure to adhere to our posting rules.