Home » Adobe Acrobat, Adobe Reader

Update on the Acrobat and Reader Security Flaw

6 Mar 2009 | | No Comment

The official patch for the recently announced security flaw in Adobe Acrobat and Adobe Reader is still roughly a week away, but in the mean time, a number of third parties have taken this opportunity to promote their own products, which aren’t affected by the security flaw.

PDFescape.com recomments that you use their online PDF editor instead of Adobe Acrobat or Adobe Reader because it uses JavaScript engine in Internet Explorer to handle JavaScript in PDF, instead of using Adobe’s JavaScript engine — which is where the security flaw is located.

Foxit Software took the opportunity to highlight their lightweight PDF reader, Foxit Reader, by emailing their customers to notify them that they were not vulnerable to the same attack.

And as Karl covered a few days ago, a researcher build a home-brewed patch for the security flaw.

Meanwhile, Didier Stevens  has been busy investigating the security flaw in more detail and has published a blog post that shows three ways the security flaw can be triggered without even opening the PDF document.

For everyone’s sake, hopefully the patch from Adobe arrives sooner, rather than later.

1 Star2 Stars3 Stars4 Stars5 Stars (No Ratings Yet)

Leave your response!

You must be logged in to post a comment.