Feb 23 2009
Use of Adobe Acrobat or Reader is Critical as a new flaw found
Toady Adobe has warned that there is a serious security risk in Adobe Reader 9 and its acrobat as well as prior release are also affected. As some researchers from the Security Company McAfee found some malicious document flow from the start of the year, exploiting the vulnerability in adobe pdf application reader and acrobat. Though it said that currently the attacks which has traced are a targeted ones but if the flaw remains in the way it expects as some new variants may come with the spreading information in the public.
According to a blog at McAfee it said that attackers take advantage of Java Script bug in Reader to override the memory processes and taking control all over the system causing them capable of installing Trojan Horse and remotely control and monitor the infected system.
Kevin Haley, Symantec Security response director mean while said “The exploit used against only a few government agencies and large corporations, and within those organizations, only a few people are targeted.” Noting only a small fraction of only 100 people till date affected since it was first came in notice on 12 February.
According to Adobe still there is only one way to avoid through this attack to manually disable the in-built JavaScript engine – which is enabled by default in both the Acrobat Professional PDF editor and Reader package, which can be done through the Preferences menu. The patch to fix this flaw may be released for its version 9 around 11 march, as they are working through it and its prior versions anyone should have to wait some more.
And the now question arises is after you came to know about this flaw will you consider turning off the Javascript function or will look for another alternative like Foxit Reader which has slowly made their points up in terms of its portability and simple user interface. Take part in the forum to share your view….
