Adobe Systems will issue patches next week for older versions of its Reader and Acrobat Reader software, which contain a dangerous vulnerability that could be used for phishing attacks or to remotely access files on a computer.

The problem affects versions 7.0.8 and earlier of the Acrobat and Reader programs. Adobe is telling users of those versions to disable the Acrobat and Reader plug-in in their Web browser until the patches are issued.

Since the problem became public, Adobe has also been encouraging customers to upgrade to Reader 8, the latest version of its program, which is not affected by the vulnerability.

Some users can’t upgrade to the new version, however, so Adobe will issue the patches for those users next week, Meredith Mills, an Adobe spokeswoman, said via e-mail. Security experts warned that the cross-site scripting vulnerability could let an attacker run arbitrary JavaScript code on a targeted machine by linking to a PDF file on the machine.

In a phishing attack, for example, a hacker could add JavaScript to a URL that links to a PDF document on a site. If the link is opened, the JavaScript would run, inserting a form soliciting the user’s password at a banking site, with the information transferred back to the hacker. Adobe is also warning users to exercise caution when clicking on untrusted links, since those links could be manipulated to run an exploit.

Security vendor Websense wrote on Thursday that an attacker could also gain access to files on a machine.

Exploits will apparently work only with certain combinations of Web browsers and Adobe software, but Adobe did not specify which combinations.

Symantec wrote in its blog that the vulnerability affects the Firefox Web browser.
Further tests showed that users running a combination of Internet Explorer 6 and Adobe Reader 7 on Windows XP Service Pack 1, and Internet Explorer 6 and Adobe Reader 4 on Windows XP Service Pack 2, are also vulnerable, Symantec wrote.

By Jeremy Kirk, IDG News Service (London Bureau)