Adobe Flaw May Be ‘Worst’ Bug Of 2007

Over the past couple days I have noticed a rather large increase in pingbacks and overall traffic to my Adobe Acrobat vs Foxit Reader article. I thought it may have had something to do with including it in the “Posts of Interest”. Then I started following the pingbacks and discovered there is a major flaw involving Adobe Acrobat Reader version 7.0.8 and malicious JavaScript. Here is part of the article Adobe Flaw May Be ‘Worst’ Bug Of 2007 from Yahoo!:

“Adobe has promised to patch buggy versions of its popular Reader software next week to close a cross-site scripting vulnerability that some researchers say has the potential to be the worst of all 2007.

The vulnerability in Adobe Reader and an associated browser plug-in was first publicized Wednesday by security firms, which said the bug could let hackers misuse trusted Adobe PDF (Portable Document Format) files as carriers of malicious JavaScript code.

Adobe, which had earlier promised to patch the vulnerable versions of Reader, posted a security advisory late Thursday with details of the bug. “A cross-site scripting (XSS) vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat 7.0.8 could allow remote attackers to inject arbitrary JavaScript into a browser session,” the advisory read. It did not divulge a specific day next week for its patch release, and recommended that users update to version 8 of Reader or Acrobat if possible.

From what I can recall this is not the first (or second) time there has been security issues with the Adobe Readers. Just all the more reason why I recommend ditching the Acrobat and getting Foxit Reader (which works with any Windows browser not just Firefox).