Adobe releases patches for Reader and Acrobat Vulnerabilities

Source: Internet
Author: User

According to foreign media reports, Adobe has recently updated Adobe Reader and Adobe Acrobat to fix a serious JavaScript vulnerability that affects windows, Mac, Linux, and UNIX.

As the company promised, on Tuesday, it provided security advice on software vulnerabilities and fixed the second vulnerability that affected UNIX. Security company secunia considers the vulnerability as "critical ".

Adobe believes that the April 27 proof-of-conceptCodeThese vulnerabilities were first circulated on the Linux security website packetstorm. However, Adobe posted a blog post on Tuesday that it did not know any attacks after development based on this code.

Adobe says that a specially crafted PDF file can exploit all vulnerabilities to attack and be infected.ProgramOr control the user system. The first vulnerability affects many platforms, including the "getannots ()" method for Reader and Acrobat to read JavaScript, and destroys the memory.

The second vulnerability affects only UNIX, including reading "CustomDictionaryOpen ()"
JavaScript method. These vulnerabilities affect Reader 9.1, Acrobat 9.1, and Reader
9.1.1, 8.1.5, and 7.1.2. For users that cannot implement updates, we recommend that you disable the JavaScript code of the affected program.

 

Adobe released a patch to fix a high-risk vulnerability found at the end of April. The "getannots ()" JavaScript function in Adobe Reader has a security vulnerability that may allow hackers to execute arbitrary programs.This vulnerability affects Adobe Reader, Acrobat 9.1, 8.1.4, 7.1.1, and earlier versions, and affects all platforms.

This vulnerability is a boundary condition error. Hackers can seize the opportunity to execute arbitrary programs or close the application without warning. Adobe has released patches on its official website. For more information, visit the following link:

Access:Security Updates available for Adobe Reader and Acrobat

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.