US-CERT issues vulnerability warning for Adobe Reader

Chicago (IL) – A new Adobe Reader vulnerability has reportedly been discovered. According to US-CERT (US Computer Emergency Readiness Team), the vulnerability is due to an error in the “getAnnots()” JavaScript function.

“Exploitation of this vulnerability may allow a remote attacker to execute arbitrary code,” warned a post on the US-CERT homepage. The post also recommended disabling JavaScript in Adobe Reader to help “mitigate” the risk.

Adobe confirmed that it was aware of the new “getAnnots()” report.

“We are currently investigating, and will have an update once we get more information,” Adobe said on its blog.

F-Secure’s chief research officer, Mikko Hypponen, recently recommended that users uninstall Adobe Reader in favor of a more secure PDF viewer. Hypponen explained that at least six vulnerabilities in Adobe’s PDF reader have been found.

A number of free PDF readers are currently available for download, including Bluebeam’s PDF Revu. The program features tabbed navigation for opening multiple files and is capable of displaying up to 16 PDFs simultaneously. All PDF files, whether opened from a network drive or downloaded from the Internet, are opened in Bluebeam’s standalone application, rather than a browser. In addition to free PDF viewing and printing, Bluebeam PDF Revu functions as a trial for PDF creation, markup and editing for 30 days after installation.

“PDF users who heed Hypponen’s advice and uninstall Adobe Reader can use Bluebeam PDF Revu for secure PDF viewing,” said Bluebeam spokesperson Don Jacob. “Bluebeam is built on more modern technology, so it isn’t susceptible to the types of security attacks that have recently affected many Adobe Reader users.”