Adobe releases patches for Acrobat and Reader

Adobe Systems has rolled out patches for security vulnerabilities found in Adobe Reader 7.0 and 7.0.1, and in Adobe Acrobat 7.0 and 7.0.1.

The hole in the products, referred to as an XML External Entity vulnerability, allows XML scripts to be used to discover a user's local files under certain circumstances.

According to Adobe officials, the vulnerability is within the Adobe Reader control. If an XML script is embedded in JavaScript, it is possible to discover the existence of local files, according to a security advisory from the company. An attacker could then maliciously use the gathered information. But the statement pointed out that the local files can be found only if the attacker knows the complete file names and paths in advance of such an attack.

The vulnerability impacts Acrobat and Reader running on Windows and Mac platforms.

Adobe recommends that Reader and Acrobat for Windows customers download the updates provided on the Adobe website at adobe.com/support/downloads.

The company said it would release an update for the Mac OS versions shortly. Until the Mac patch is available, Adobe advises end-users to disable any Acrobat JavaScript. This should protect systems from the vulnerability.

Join the newsletter!

Error: Please check your email address.

More about Adobe SystemsAdobe Systems

Show Comments
[]