/ciol/media/agency_attachments/c0E28gS06GM3VmrXNw5G.png)
Follow UsBANGALORE, INDIA: IT security and data protection firm, Sophos, has urged software provider Adobe to begin disabling JavaScript in its products by default.
This comes following the most recent security update for Adobe Acrobat and Reader which fixed a serious vulnerability that relies on JavaScript code said a press release.
The vulnerability, named CVE-2010-1297, involved a booby-trapped PDF file which would contain a Flash animation relied on JavaScript for the exploit to work. The exploit is more complex than previous Adobe exploits, potentially marking a new trend in the development of Adobe exploits, it added.
“The common thread in most, if not all, Adobe exploits is the requirement for JavaScript, as exploits will work correctly only if JavaScript is enabled,” said Vanja Svajcer principal virus researcher at Sophos.
"The company’s regular security updates show that Adobe is now doing more to address vulnerabilities, but the high number of patched vulnerabilities indicate that it may be a good time for Adobe to overhaul its approach to building security into its products,” continued Svajcer.
“If nothing else, JavaScript should be disabled by default in Adobe Reader.”