Adobe Acrobat JS Vulnerability - How to Protect Yourself - Webmaster General forum at WebmasterWorld

Forum Moderators: phranque

Message Too Old, No Replies

Adobe Acrobat JS Vulnerability - How to Protect Yourself

martinibuster

11:16 pm on Dec 15, 2009 (gmt 0)

There's a new JS vulnerability in Adobe Acrobat and Reader, according to ComputerWorld [computerworld.com]. It's going to go in the wild within a day or two. You might want to protect yourself.

To disable JavaScript in Adobe Reader or Acrobat on Windows, users must select Preferences from the Edit menu, choose "JavaScript," then uncheck the "Enable Acrobat JavaScript" option. (On the Mac, Preferences is under the "Adobe Reader" or "Adobe Acrobat" menus.)
Turning off JavaScript may be the only defense against attack until Adobe patches the problem. And it may be nearly a month before that happens: Adobe's next regularly-scheduled security updates for Reader/Acrobat are to ship Jan. 12, 2010.

icedowl

2:42 am on Dec 16, 2009 (gmt 0)

Thanks for the heads up. I've now turned my javascript off.

jdMorgan

5:00 am on Dec 16, 2009 (gmt 0)

... or look into an alternate PDF reader if you don't need to create PDFs.

Jim

phranque

5:36 am on Dec 16, 2009 (gmt 0)

Adobe Reader and Acrobat Critical Security Updates (oct 9):
[webmasterworld.com...]

Adobe Warns of Critical Vulnerability (feb 20):
[webmasterworld.com...]

try foxit - you'll never miss acrobat reader.

martinibuster

5:54 am on Dec 16, 2009 (gmt 0)

Good reminder, phranque. It's a fat target thanks to it's success.

Is it possible that Foxit is also vulnerable?

phranque

8:45 am on Dec 16, 2009 (gmt 0)

i moved to foxit for performance reasons, but it is certainly a smaller footprint and therefore less subject to exploitation.