Another Adobe Reader vulnerability Emerged
Another hole in Adobe Reader that could allow attackers to remotely execute malicious code on end-users' machines was discovered on Tuesday.
The vulnerability is due to an error in the 'getAnnots()' JavaScript function. The flaw may give a chance to a remote attacker to publish malicious code, a United States Computer Emergency Readiness Team (US-CERT) wrote in a statement release from their website.
Adobe is aware of reports of a potential vulnerability in Adobe Reader 9.1 and 8.1.4, as described in SecurityFocus BID 34736, “according to Adobe Product Security Incident Response Team.
Last February, Adobe reader was hit by attackers to install malicious software when users open a PDF file inside of Microsoft Outlook.
Adobe advisory lacks advice to help its users, however US-CERT encourage everyone to disable a JavaScript in Adobe Reader to keep away from the vulnerabilities and problem it may cause.
We are currently investigating, and will have an update once we get more information,” according to Adobe Product Security Incident Response Team.
The company promised promise that they would update more information about the incident upon knowing more but for now they are still in the process of investigating.
© Copyright IBTimes 2024. All rights reserved.