Members
  • Total Members: 12816
  • Latest: t114563
Stats
  • Total Posts: 28524
  • Total Topics: 8240
  • Online Today: 922
  • Online Ever: 51419
  • (01. January 2010., 10:27:49)












Author Topic: Adobe Promises Fixes for Latest Flaws by Next Week: CVE-2009-1492, CVE-2009-1493  (Read 2245 times)

0 Members and 1 Guest are viewing this topic.

Samker

  • SCF Administrator
  • *****
  • Posts: 7206
  • KARMA: 291
  • Gender: Male
  • Whatever doesn't kill us makes us stronger.
    • SCforum.info - Samker's Computer Forum


Adobe Systems expects to have patches ready to fix the latest flaws in Acrobat and Reader by next week.

"We are in the process of fixing the issue and expect to make available product updates for the relevant supported Adobe Reader and Acrobat versions and platforms by May 12th," wrote David Lenoe, a security program manager, on Adobe's security blog.

The update will fix the problem in versions 7.x, 8.x and 9.x for Reader and Acrobat on Windows, versions 8.x and 9.x of Reader and Acrobat for Macintosh, and Reader versions 8.x and 9.x for Unix. It will repair bug CVE-2009-1492, which concerns Adobe's implementation of JavaScript in Reader and Acrobat.

That flaw could allow a hacker to create a malicious PDF file that could allow execution of other arbitrary code. Attack code was published last week on the SecurityFocus Web site.

Adobe has also identified a second vulnerability in Reader for Unix, CVE-2009-1493. That will also be fixed in the upcoming updates, Lenoe wrote. That flaw doesn't appear to affect Windows or Macintosh, he wrote.

Until the patches come out, people should disable JavaScript in both of the applications. Under the preferences menu of the "edit" function, JavaScript can be de-selected, which would then stop an attack.

Adobe has battled bugs in Reader and Acrobat for some time. The vulnerabilities are valuable to hackers since they can create malicious documents to exploit the flaw and gain control over a computer. Since PDF files are widely used, there's a higher chance that a victim can be tricked into opening one and ceding control of their computer.

(PCW)

Samker's Computer Forum - SCforum.info





hamid.sensini

  • SCF Member
  • **
  • Posts: 11
  • KARMA: -4

Zhang Fei

  • SCF Member
  • **
  • Posts: 12
  • KARMA: 2
This is extremely lame. I can't believe they're still dealing with these security holes today. Maybe if they slimmed down the basic package, they'd have less of these bugs floating around for hackers to exploit.

 

With Quick-Reply you can write a post when viewing a topic without loading a new page. You can still use bulletin board code and smileys as you would in a normal post.

Name: Email:
Verification:
Type the letters shown in the picture
Listen to the letters / Request another image
Type the letters shown in the picture:
Second Anti-Bot trap, type or simply copy-paste below (only the red letters):www.scforum.info:

Enter your email address to receive daily email with 'SCforum.info - Samker's Computer Forum' newest content:

Terms of Use | Privacy Policy | Advertising