Adobe falls through XML flaw

Adobe has issued a security advisory warning users to patch a flaw in its popular Acrobat and Reader software.

The bug lies within the Adobe Reader control and potentially allows a hacker to find files held locally on a PC.

An XML script would need to be designed and inserted into a Javascript file which could then be used to open access to local files.

A patch has already been developed for Windows users, but Apple users will have to wait a little longer. However, Adobe has published a workaround that it says should leave users protected.

"Adobe will release an update for Mac OS shortly," said the company in a statement. "Until that update is available, disable any Acrobat JavaScript to protect your system from this vulnerability."

To disable JavaScript in Acrobat, choose Adobe > Preferences > JavaScript and deselect Enable Acrobat JavaScript.

Adobe's recently launched PDF reader for Linux users is not affected.