sidney
December 15th, 2009, 09:13 PM
Today, on ZDNet: Adobe confirms PDF zero-day attacks. Disable JavaScript now (http://blogs.zdnet.com/security/?p=5119) talks about a vulnerability in a JavaScript function within Adobe Acrobat Reader 9.2 and earlier.
Excerpts from the article:
According to an advisory from Adobe, the critical vulnerability exists in Adobe Reader and Acrobat 9.2 and earlier versions. It is being exploited in the wild.
1. There currently is no patch or update available that completely protects against this exploit.
2. There is little to no detection of these malicious PDF files from most of the major Antivirus vendors.
In the interim, Adobe PDF Reader/Acrobat users are urged to immediately disable JavaScript:
Click: Edit -> Preferences -> JavaScript and uncheck Enable Acrobat JavaScript
Or, better yet, use an alternative PDF Reader software program.
Excerpts from the article:
According to an advisory from Adobe, the critical vulnerability exists in Adobe Reader and Acrobat 9.2 and earlier versions. It is being exploited in the wild.
1. There currently is no patch or update available that completely protects against this exploit.
2. There is little to no detection of these malicious PDF files from most of the major Antivirus vendors.
In the interim, Adobe PDF Reader/Acrobat users are urged to immediately disable JavaScript:
Click: Edit -> Preferences -> JavaScript and uncheck Enable Acrobat JavaScript
Or, better yet, use an alternative PDF Reader software program.