Adobe Reader bug allows access to user's local drive

You'll recall that yesterday, we reported on an Adobe Reader flaw that could allow a malicious PDF link to trigger a Universal Cross Site Scripting (UXSS) attack via plug-ins in Firefox and Opera. Well, it turns out that that bug may be far more critical than initially suspected. It has been discovered that by directing a PDF link to a PDF on the user's hard drive using a bit of JavaScript, a hacker could gain access to that local drive. "This means any JavaScript can access the user's local machine," said Billy Hoffman, lead engineer for SPI Dynamics. "Depending on the browser, this means the JavaScript can read the user's files, delete them, execute programs, send the contents to the attacker, et cetera." As we noted yesterday, Adobe Reader users are being advised to upgrade to version 8 until Adobe issues a patch for older versions.

ALSO: OpenOffice has patched a highly-critical flaw. Article