Free Newsletter
Register for our Free Newsletters
Newsletter
Zones
Access Control
LeftNav
Alarms
LeftNav
Biometrics
LeftNav
Detection
LeftNav
Deutsche Zone (German Zone)
LeftNav
Education, Training and Professional Services
LeftNav
Government Programmes
LeftNav
Guarding, Equipment and Enforcement
LeftNav
Industrial Computing Security
LeftNav
IT Security
LeftNav
Physical Security
LeftNav
Surveillance
LeftNav
View All
Other Carouselweb publications
Carousel Web
Defense File
New Materials
Pro Health Zone
Pro Manufacturing Zone
Pro Security Zone
Web Lec
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
ProSecurityZone Sponsor
 
 
News

JavaScript Vulnerability Advice For Adobe

Sophos : 02 July, 2010  (Technical Article)
Sophos is recommending JavaScripts to be disabled as a default in Adobe Acrobat and Reader to close a vulnerability in the product
In a recent blog post, Vanja Svajcer, principal virus researcher at IT security and control firm Sophos, has urged software provider Adobe to begin disabling JavaScript in its products by default. This comes following the most recent security update for Adobe Acrobat and Reader which fixed a serious vulnerability that relies on JavaScript code.

The vulnerability - named CVE-2010-1297 - involved a booby-trapped PDF file which would contain a Flash animation and relied on Javascript for the exploit to work. The exploit is more complex than previous Adobe exploits, potentially marking a new trend in the development of Adobe exploits.

"The common thread in most, if not all, Adobe exploits is the requirement for JavaScript - as exploits will work correctly only if JavaScript is enabled," said Vanja Svajcer principal virus researcher at Sophos. "This is why we recommend all users disable JavaScript in Adobe Acrobat and Reader."

"The company's regular security updates show that Adobe is now doing more to address vulnerabilities, but the high number of patched vulnerabilities indicate that it may be a good time for Adobe to overhaul its approach to building security into its products," continued Svajcer. "If nothing else, JavaScript should be disabled by default in Adobe Reader."

Bookmark and Share
 
Home I Editor's Blog I News by Zone I News by Date I News by Category I Special Reports I Directory I Events I Advertise I Submit Your News I About Us I Guides
 
   © 2012 ProSecurityZone.com
Netgains Logo