Last week, two Adobe Acrobat/Reader vulnerabilities were reported for all current versions (v7.x through v9.x). They were announced as Zero Day vulnerabilities; meaning exploits existed and were publicly published. A few days ago, Adobe took the reports and published a Security Bulletin.
The vulnerability allows the application to crash and further allows an attacker (a rogue web site or a link from a web site, email, etc) to execute code to take control over an affected system.
The second vulnerability only affects Linux/Unix systems.
Adobe doesn’t seem to be rushing to release a fix; instead putting the burden on Anti-virus vendors “regarding both of these issues in order to ensure the security of our mutual customers.”
Their resolution is to disable Javascript within Acrobat or Adobe Reader (Edit > Preferences > Select Javascript category > uncheck the Enable Acrobat Javascript option). Mind you, this is the same suggestion as one from another recent vulnerability.
Where are the anti-Microsoft naysayers that shame Microsoft any time there is an Office vulnerability??; much less the lynch mob that would camp out at Bill Gates’ house if MS was to say “we’ll get back to ya in a week”.
OSG: Bits, Bytes and Packets 