Adobe Reader: More Security Risks

Adobe warned the users of Adobe Reader versions 7.0.8 and 7.0.3 that these products are vulnerable to a security hole that could be potentially used by criminal elements to brake into user PCs by convincing them to view specially designed PDF documents. In order to check if you are using the abovementioned versions, simply select "About Adobe Reader" in the program`s Help menu.

As of version 3.02, Adobe Reader includes JavaScript support. This functionality allows the document creator to include code which executes when the document is read. JavaScript was designed without direct access to the file system in order to make it safe but vulnerabilities to abuse have been reported, including distribution of malicious code through Acrobat. David Kierznowski provided sample PDF files illustrating these vulnerabilities, on September 13, 2006. In the most current version of the Acrobat Reader, JavaScript can be disabled using the preferences menu and embedded URLs that are launched are intercepted by a security warning dialog box to either allow or block the website from launching.

Despite these attempts, made by Adobe to insure the safety and security of its users, the curators of the "Month of Apple Bugs" project claimed to have found a dangerous design flaw in both the Mac OS X and Windows versions of Adobe Reader, over the weekend. Users who are still using these versions are impelled to upgrade to the programs newest version: Adobe Reader version 8. An alternative to upgrading is "downgrading", as more "primitive" versions of Adobe Reader have less features and therefore are less susceptible to attack.

                                 

Related News: