Adobe fix for PDF XSS vulnerability

Looks like version 7.0.9 for Acrobat has been released today to address the PDF XSS flaw discussed last December and widely reported on January 3rd:

Adobe has provided an update to resolve a vulnerability in Adobe Reader and Acrobat. For more information, please refer to the APSB07-01 Security Bulletin. This cross-site scripting (XSS) vulnerability in versions 7.0.8 and earlier of Adobe Reader and Acrobat could allow remote attackers to inject arbitrary JavaScript into a browser session.

Bad stuff if you use a browser and view PDFs…which is basically (almost) everyone who “browses the web”. Recently the debate had moved on to how the flaw allows remote attackers to browse files on your local system…

You can also just upgrade to Acrobat 8.

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.