Rechercher
Contactez-nous Suivez-nous sur Twitter En francais English Language
 

Freely subscribe to our NEWSLETTER

Newsletter FR

Newsletter EN

Vulnérabilités

Unsubscribe

Sophos urges Adobe to disable JavaScript

July 2010 by Sophos

In a recent blog post, Vanja Svajcer, principal virus researcher at Sophos, has urged software provider Adobe to begin disabling JavaScript in its products by default. This comes following the most recent security update for Adobe Acrobat and Reader which fixed a serious vulnerability that relies on JavaScript code.

The vulnerability – named CVE-2010-1297 – involved a booby-trapped PDF file which would contain a Flash animation and relied on Javascript for the exploit to work. The exploit is more complex than previous Adobe exploits, potentially marking a new trend in the development of Adobe exploits.

“The common thread in most, if not all, Adobe exploits is the requirement for JavaScript – as exploits will work correctly only if JavaScript is enabled,” said Vanja Svajcer principal virus researcher at Sophos. “This is why we recommend all users disable JavaScript in Adobe Acrobat and Reader.”

“The company’s regular security updates show that Adobe is now doing more to address vulnerabilities, but the high number of patched vulnerabilities indicate that it may be a good time for Adobe to overhaul its approach to building security into its products,” continued Svajcer. “If nothing else, JavaScript should be disabled by default in Adobe Reader.”

Sophos recommends that all users disable JavaScript in Adobe Acrobat and Reader by default.


See previous articles

    

See next articles


Your podcast Here

New, you can have your Podcast here. Contact us for more information ask:
Marc Brami
Phone: +33 1 40 92 05 55
Mail: ipsimp@free.fr

All new podcasts