Critical Adobe PDF Vulnerability: Disable JavaScript!

Started by Corrine, December 15, 2009, 09:14:16 PM

Previous topic - Next topic

0 Members and 1 Guest are viewing this topic.

Print
Go Down Pages1
User actions

Corrine

December 15, 2009, 09:14:16 PM
There is yet another vulnerability in Adobe Reader and Adobe Acrobat 9.2, including all earlier versions, being actively exploited in the wild. although the exploit is actively being used by attackers, at this time the number of attacks are limited. This is expected to change within the next few weeks.

All users of Adobe Reader and Adobe Acrobat 9.2 are strongly encouraged to incorporate the suggested workaround by disabling JavaScript in Adobe PDF Reader/Acrobat:
Click: Edit -> Preferences -> JavaScript and uncheck Enable Acrobat JavaScript

For home use, you may wish to replace Adobe Reader with an alternate PDF reader. Other options are available at http://pdfreaders.org/.

New Adobe Reader and Acrobat Vulnerability



Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Corrine

#1
December 16, 2009, 10:46:52 PM
Update: Adobe PSIRT announced plans to issue an update to Adobe Reader and Acrobat by January 12, 2010. In addition, the official Security Advisory was posted at Adobe - Security Advisories: APSA09-07.




Take a walk through the "Security Garden" -- Where Everything is Coming up Roses!

Remember - A day without laughter is a day wasted.
May the wind sing to you and the sun rise in your heart.

Eric the Red

#2
December 16, 2009, 11:23:02 PM
The Internet Storm Center is tracking this and their updates contain information about the malware and details of one site to block (one at the time of writing, others will probably be found hosting the malware).

http://isc.sans.org/diary.html?storyid=7747
"The time to start running is around about the "e" in "Hey, you!" "
Print
Go Up Pages1
User actions