PDA

View Full Version : Security Alert - Disable JavaAcript in Acrobat Reader NOW!


sidney
December 15th, 2009, 09:13 PM
Today, on ZDNet: Adobe confirms PDF zero-day attacks. Disable JavaScript now (http://blogs.zdnet.com/security/?p=5119) talks about a vulnerability in a JavaScript function within Adobe Acrobat Reader 9.2 and earlier.

Excerpts from the article:
According to an advisory from Adobe, the critical vulnerability exists in Adobe Reader and Acrobat 9.2 and earlier versions. It is being exploited in the wild.
1. There currently is no patch or update available that completely protects against this exploit.
2. There is little to no detection of these malicious PDF files from most of the major Antivirus vendors.
In the interim, Adobe PDF Reader/Acrobat users are urged to immediately disable JavaScript:

Click: Edit -> Preferences -> JavaScript and uncheck Enable Acrobat JavaScript

Or, better yet, use an alternative PDF Reader software program.

Judy G. Russell
December 15th, 2009, 10:54 PM
Today, on ZDNet: Adobe confirms PDF zero-day attacks. Disable JavaScript now (http://blogs.zdnet.com/security/?p=5119) talks about a vulnerability in a JavaScript function within Adobe Acrobat Reader 9.2 and earlier.Oh great... Thanks for the heads-up, Sidney.

sidney
December 16th, 2009, 02:33 AM
One point I want to make sure is clear to anyone reading this: You only need to disable Javascript in the preferences for Adobe Acrobat Reader (and I assume Acrobat Professional).

This problem does not require you to disable Javascript in your web browser.

Jeff
December 16th, 2009, 11:50 AM
One point I want to make sure is clear to anyone reading this: You only need to disable Javascript in the preferences for Adobe Acrobat Reader (and I assume Acrobat Professional).

This problem does not require you to disable Javascript in your web browser.

Done. Thanks Sidney!

- Jeff

Andrew B.
December 17th, 2009, 11:23 AM
Thanks. I don't need javascript there anyway. Or, at least, I assume I don't.