Threat Center Security News Adobe to release software patch next week
Adobe to release software patch next week Print E-mail
Written by Rebecca Mints   
Monday, 02 March 2009 23:40

An advisory from software vendor Adobe is still cautioning its patrons about unpatched vulnerabilities in Acrobat and Reader even as it said a software patch to resolve all issues will be released next week.

The flaw on Acrobat and Reader have allowed attackers to trick its users into clicking malicious files and visiting web pages, hence opening doors for malware. Known as clickjacking, the attack prompted Adobe to issue a series of updates for Acrobat and Reader although a complete patch has not been released.

The Adobe Product Security Incident Response Team (PSIRT), in its blog post Tuesday, said the software patch for Adobe Reader 9 and Acrobat 9 will be out before March 11. Updates for Adobe Reader 7 and 8, and Acrobat 7 and 8 will also be made available by March 18.

Meanwhile, Adobe has asked its patrons to protect themselves against attacks by installing previously posted updates. In the past week, Adobe has already posted in its website an update intended to correct several flaws in Flash, including running arbitrary codes. Four other vulnerabilities in Flash have so far been corrected in the updates.

Adobe said a number of security firms have agreed to provide additional protection to dampen the assault against its widely-used software, including McAfee, Symantec and TrendMicro.

While the Psirt said disabling JavaScript may protect Flash and Acrobat against known attacks, it warned users that the vulnerability is not in the scripting engine.

“Disabling Javascript does not eliminate all risks,” the team said in its blog and proceeded to list down instructions on how to disable JavaScript:

1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK


WTW Threat Level