TweakTown
Tech content trusted by users in North America and around the world
6,206 Reviews & Articles | 40,138 News Posts
TRENDING NOW: GTA V will have 'just for PC' features, including a video editor

Adobe admits JavaScript flaw in Acrobat

Will fix it... when tney get to it

| Posted: Apr 30, 2009 6:41 pm

I talked about the flaw that allowed Vista to fall in the Pwn2Own competition this year very briefly but I never did get into much detail. But since Adobe has admitted the flaw exists in another Adobe product it is worth bringing up again.

 

The issue is JavaScript and the way that Acrobat and Flash (the plug-in for Flash and Flash Player) handle it. They just do not do so very well at all. Because of this little problem arbitrary code can be executed by Malicious JavaScript (applets) on a system through these two 3rd party applications. It was this exact flaw in the way JavaScritpt is handled by Flash that allowed Vista to be hacked. It seems that in addition to poor handling it also allows the UAC feature in Vista to be bypassed for code executed by the plug-in and the application.

 

Adobe, although they have admitted to the flaw, has not given a time line for fixing the affected applications with include Acrobat (Reader as well) 9.1, 8.1.4, 7.1.1 and earlier.

Read more here

 

Adobe admits JavaScript flaw in Acrobat

 


Initially the firm said the vulnerability only afflicted its cumbersome Reader.

 

It appears the software's execution of JavaScript is flawed, allowing attackers to run code on targeted systems or crash applications willy-nilly.

 

Adobe Reader and Acrobat versions 9.1, 8.1.4, and 7.1.1 and earlier are vulerable. Adobe said it hadn't found any live expolits yet.

 

Related Tags

Further Reading: Read and find more news at our news index page.

Do you get our news RSS feed? Get It!

Got an opinion on this news? Post a comment below!

Latest News Posts

View More News Posts

Forum Activity

View More Forum Posts

Press Releases

View More Press Releases