Saturday, January 06, 2007

Patch your Adobe Reader next week...

Adobe posted a security advisory late Thursday regarding a cross-site scripting (XSS) vulnerability in versions 7.0.8 or earlier of Reader and in Acrobat 7.0.8 that could allow remote attackers to inject arbitrary, malicious JavaScript code into a browser session. Basically, any website that hosts a PDF file can be used to conduct this attack, and your PC can be victimized very easily. All a hacker has to do is find a website that has a link to a PDF file (nowadays all of them do); when the user clicks on that link, the JavaScript executes and the attacker can move on to any traditional malfeasance like stealing browser histories, masking fraudster phishing sites, etc.

Adobe has promised to patch their buggy software next week. Researchers fear that this bug is a much more serious problem than they initially thought and that it may be the worst bug of 2007 (too early to say that, right? Especially keeping in mind that IE 8 is also expected to launch later this year :) ).

Anyway, the patch will be released on their support site. All you have to do is download and install it. Alternatively, Adobe Reader 8 is immune to this bug and can be downloaded free of charge from Adobe's website.

Browsers affected: Firefox 1.5, Firefox 2.0, some versions of Opera, and IE 6 on some versions of Windows (XP SP2, XP SP1), but I wouldn't risk it.



Anonymous said...

Thanks, buddy.
Yes, I keep opening PDF files from within the browser every now and then. I'm sure everyone does that. Definitely advise to upgrade.

2:58 PM  
