Posted on 01/13/2010 12:04:04 PM PST by Wooly
Usually on a Patch Tuesday, the discussion turns to Microsoft; but amid a very light round of Windows fixes, it's Adobe in the spotlight today. Last month, a serious and potentially easily exploitable vulnerability was found in a JavaScript API call, DocMedia.NewPlayer -- a situation where an intentionally crafted PDF file could invoke the call, deallocate the memory allocated when the media player is generated, and then execute the code in that de-allocated memory, without need for privilege.
Adobe Reader 9.3 was released today, right on schedule, to address this issue. In the meantime, the company is realizing the changing nature of the platform business, and how Reader/Acrobat and Flash are now just as susceptible to potential attacks as any other platform, including Windows. Interestingly, the cross-platform nature of the Acrobat platform means that Mac users were just as susceptible to this exploit as Windows users.
Beyond today's update, Adobe is busy working on non-improvised means for improving its platform users' security long-term. Already last October, it began implementing what it calls the JavaScript Blacklist Framework -- a way for its platforms to maintain actively updated lists of non-trusted sources for executable content. Last month, Adobe advised users to use this Framework to effectively blacklist the API call -- a way of turning off the vulnerable function (which was rarely in use anyway) as an alternative to disabling JavaScript.
It seems like they keep making the same mistakes time after time.
Too late for me. Whatever it is used Adobe to attack my desktop computer, and now I cannot log on to Windows. I hope everyone follows your advice.
Thank goodness Fedora uses Okular for PDF files...