30 Apr 2009, Iain Thomson, V3
Adobe has issued a security alert about a serious flaw in all shipping versions of its Reader software, affecting PC, Apple and Unix versions.
The flaw, which came to light yesterday, concerns Reader's execution of JavaScript, and allows attackers to run code on targeted systems or crash the application.
The US Computer Emergency Response Team has also issued a security advisory on the problem, which occurs in the 'getAnnots' JavaScript function.
"All currently supported shipping versions of Adobe Reader and Acrobat (Adobe Reader and Acrobat 9.1, 8.1.4, and 7.1.1 and earlier versions) are vulnerable to this issue," said Adobe in a blog post.
"Adobe plans to provide updates for all supported versions for all platforms (Windows, Macintosh and Unix) to resolve this issue."
The company has given no timeline for the release of a patch, but has said that no exploits have yet been seen in the wild.
The announcement is embarrassing for Adobe, coming after a series of flaws revealed last month. Some security experts are even recommending that users switch to free, alternative document readers.
"We have said it before but it is worth repeating: use an alternative to Adobe Acrobat Reader," said Patrik Runald, a security response manager at F-Secure, in a blog post.
"We won't recommend any reader over another, as it would be better if people use a wide variety of them. A list of readers can be found at PDFreaders.org. Others are Foxit and CutePDF."