The official patch for the recently announced security flaw in Adobe Acrobat and Adobe Reader is still roughly a week away, but in the mean time, a number of third parties have taken this opportunity to promote their own products, which aren’t affected by the security flaw.

PDFescape.com recomments that you use their online PDF editor instead of Adobe Acrobat or Adobe Reader because it uses JavaScript engine in Internet Explorer to handle JavaScript in PDF, instead of using Adobe’s JavaScript engine — which is where the security flaw is located.

Foxit Software took the opportunity to highlight their lightweight PDF reader, Foxit Reader, by emailing their customers to notify them that they were not vulnerable to the same attack.

And as Karl covered a few days ago, a researcher build a home-brewed patch for the security flaw.

Meanwhile, Didier Stevens  has been busy investigating the security flaw in more detail and has published a blog post that shows three ways the security flaw can be triggered without even opening the PDF document.

For everyone’s sake, hopefully the patch from Adobe arrives sooner, rather than later.

Related Posts:
• Security Updates available for Adobe Reader 9 and Acrobat 9
• Three Security Vulnerabilities Fixed In New Foxit Reader Release
• Researcher builds home-brewed security patch for Adobe Reader

Advertisement