According to foreign media reports, Adobe has recently updated Adobe Reader and Adobe Acrobat to fix a serious JavaScript vulnerability that affects windows, Mac, Linux, and UNIX.
As the company promised, on Tuesday, it provided security advice on software vulnerabilities and fixed the second vulnerability that affected UNIX. Security company secunia considers the vulnerability as "critical ".
Adobe believes that the April 27 proof-of-conceptCodeThese vulnerabilities were first circulated on the Linux security website packetstorm. However, Adobe posted a blog post on Tuesday that it did not know any attacks after development based on this code.
Adobe says that a specially crafted PDF file can exploit all vulnerabilities to attack and be infected.ProgramOr control the user system. The first vulnerability affects many platforms, including the "getannots ()" method for Reader and Acrobat to read JavaScript, and destroys the memory.
The second vulnerability affects only UNIX, including reading "CustomDictionaryOpen ()"
JavaScript method. These vulnerabilities affect Reader 9.1, Acrobat 9.1, and Reader
9.1.1, 8.1.5, and 7.1.2. For users that cannot implement updates, we recommend that you disable the JavaScript code of the affected program.
Adobe released a patch to fix a high-risk vulnerability found at the end of April. The "getannots ()" JavaScript function in Adobe Reader has a security vulnerability that may allow hackers to execute arbitrary programs.This vulnerability affects Adobe Reader, Acrobat 9.1, 8.1.4, 7.1.1, and earlier versions, and affects all platforms.
This vulnerability is a boundary condition error. Hackers can seize the opportunity to execute arbitrary programs or close the application without warning. Adobe has released patches on its official website. For more information, visit the following link:
Access:Security Updates available for Adobe Reader and Acrobat