Companies: #adobe In what is starting to feel like a case of deja vu, a group of security researchers has announced a JavaScript buffer vulnerability in Adobe's Acrobat range of products ...

Adobe, although they have admitted to the flaw, has not given a time line for fixing the affected applications with include Acrobat (Reader as well) 9.1, 8.1.4, 7.1.1 and earlier. Read more here ...

The critical-severity Adobe Acrobat and Reader vulnerabilities could enable arbitrary code execution and are part of a 14-CVE patch update.

Disable JavaScript now According to an advisory from Adobe, the critical vulnerability exists in Adobe Reader and Acrobat 9.2 and earlier versions. It is being exploited in the wild.

This week, however, Adobe reacted faster to reports that its software was vulnerable. In February, Adobe acknowledged the bug on Feb. 19, but waited until Feb. 24 to recommend disabling JavaScript.

Adobe fixed multiple security vulnerabilities in both Reader and Acrobat 9 and X for Mac OS X and Windows. The company also added a new JavaScript whitelisting feature.

Shadowserver said that several “tests have confirmed this is a 0-day vulnerability affecting several versions of Adobe Acrobat [Reader] to include the most recent versions of 8.x and 9.x.

Sophos believes that Adobe needs to 'overhaul its approach to building security in its products' and could start by ensuring that users decide if Javascript is enabled.