Reminder & New Exploit for Adobe Reader

Just recently (I am a little late on this story, however), a zero-day exploit was found in Adobe Reader and Acrobat (i.e., it was already being used to run arbitrary code on people's machines when it was found).

The exploit takes advantage of the fact that almost all of the newer versions of this software leave JavaScript on by default. While I have never personally seen or heard of a PDF file using JavaScript, it is included and enabled by default. The good news is that disabling JavaScript in the application removes no functionality.

The affected versions are Adobe Reader & Acrobat 7.x, 8.x and 9.x. If you are running any of these versions, you can run the update utility, which patches the software so that it is no longer vulnerable to this exploit.

There is, however, another way to prevent this exploit from ever being used: simply turn off JavaScript inside Adobe Reader and Acrobat. Below are instructions for how to do so.

  • Turning off JavaScript inside Adobe Reader & Acrobat 9 (older versions should be similar):
  1. Open Adobe Reader or Acrobat.
  2. Click on Edit > Preferences.
  3. Click JavaScript in the list to the left.
  4. Uncheck “Enable Acrobat JavaScript” in the first check-box.
  5. Uncheck (if checked) “Enable JavaScript menu item execution privileges”.

Following the above steps will keep you protected from this exploit even if you do not install the update. In fact, I highly recommend leaving JavaScript off at all times in this program anyway, unless it is explicitly needed by the PDF you are reading or working with.
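To find out whether a given PDF carries JavaScript at all before deciding to turn the setting back on, the file can be scanned for the PDF names that declare scripts and auto-run actions. The following is an added example, not part of the original post; the function names are hypothetical and the sample bytes are constructed fragments.

```python
import re
import zlib

JS_NAMES = ("/JS", "/JavaScript")       # keys that carry or declare script
AUTO_NAMES = ("/OpenAction", "/AA")     # actions that fire without a click
_NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
_HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def _names(blob):
    """Yield PDF name tokens with #xx escapes decoded (/J#53 becomes /JS)."""
    for m in _NAME_RE.finditer(blob):
        raw = _HEX_RE.sub(lambda h: bytes([int(h.group(1), 16)]), m.group(0))
        yield raw.decode("latin-1")


def _inflated_streams(data):
    """Yield the contents of Flate-compressed streams that inflate."""
    for m in _STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates the end-of-line bytes before "endstream"
            yield zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # another filter or encrypted: left unscanned


def scan_pdf(data):
    """Count JavaScript and auto-run action names in raw PDF bytes."""
    counts = dict.fromkeys(JS_NAMES + AUTO_NAMES, 0)
    for blob in [data, *_inflated_streams(data)]:
        for name in _names(blob):
            if name in counts:
                counts[name] += 1
    return counts


def uses_javascript(data):
    counts = scan_pdf(data)
    return any(counts[n] > 0 for n in JS_NAMES)


# Constructed fragments, not real documents.
SAMPLE_PDF = (b"%PDF-1.4\n1 0 obj\n<< /OpenAction 2 0 R >>\nendobj\n"
              b"2 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
              + zlib.compress(b"<< /S /JavaScript /J#53 (1+1;) >>")
              + b"\nendstream\nendobj\n")
CLEAN_PDF = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"

if __name__ == "__main__":
    print(scan_pdf(SAMPLE_PDF), uses_javascript(CLEAN_PDF))
```

A zero count is not proof that a file is script-free: encrypted documents and streams using filters other than Flate are not inspected by this scan.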
