The Adobe Reader 7.0.2 and Adobe Acrobat 7.02 update addresses several known issues in Adobe PDF software. This update provides improved security. It also addresses known issues associated with forms and viewing PDF files using a Weblink plug-in. For more information, read the Adobe security advisories.
The hole in the Adobe products, referred to as an XML External Entity vulnerability, under certain circumstances allows XML scripts to be used to discover a user's local files. If an XML script is embedded in JavaScript, it is possible to discover the existence of local files. An attacker could then maliciously use the gathered information. Still it won't be that simple to crack unpatched Acrobat software - the local files can be found only if the attacker knows the complete file names and paths in advance of such an attack.
The vulnerability impacts Acrobat and Reader running on Windows and Mac platforms. Adobe Reader and Acrobat for Windows users can download the updates -Adobe Acrobat 7.0 [exe].
The company said it will release an update for the Mac OS versions shortly. Until the Mac patch is available, Adobe advises end-users to disable any Acrobat JavaScript. This should protect systems from the vulnerability.
The hole in the Adobe products, referred to as an XML External Entity vulnerability, under certain circumstances allows XML scripts to be used to discover a user's local files. If an XML script is embedded in JavaScript, it is possible to discover the existence of local files. An attacker could then maliciously use the gathered information. Still it won't be that simple to crack unpatched Acrobat software - the local files can be found only if the attacker knows the complete file names and paths in advance of such an attack.
The vulnerability impacts Acrobat and Reader running on Windows and Mac platforms. Adobe Reader and Acrobat for Windows users can download the updates -Adobe Acrobat 7.0 [exe].
The company said it will release an update for the Mac OS versions shortly. Until the Mac patch is available, Adobe advises end-users to disable any Acrobat JavaScript. This should protect systems from the vulnerability.
No comments:
Post a Comment