January 9, 2007

Acrobat flaw threatens both Firefox and IE browsers

A recent conference of the Chaos Computer Club hacker group in Germany included a discussion of an Adobe Acrobat Reader flaw that affects both Firefox and Internet Explorer browsers. While initially thought to only cause exposure to random code on Web sites, the vulnerability can also expose the contents of a user's local hard drive to hackers. To address the problem, upgrade to Adobe Reader 8 immediately.

In other browser news, Opera users need to update to version 9.10 in order to eliminate two threats. The first threat is a vulnerability in createSVGTransformFromMatrix (JavaScript/SVG), which can allow execution of arbitrary code on the vulnerable system. (Disable JavaScript as a temporary fix.) The second threat involves both a denial-of-service threat and an arbitrary code execution threat caused by a malformed JPEG file header.


No comments: