Adobe’s security team notes new serious vulnerability

Adobe has issued a warning to its users about what it termed a ‘serious vulnerability’ that affects Windows, Mac and Unix users of Adobe’s Acrobat Reader software.

The vulnerability stems from a JavaScript error that can enable malicious code execution on any of the operating systems mentioned above.

Adobe has advised users to disable JavaScript in Adobe Reader and Acrobat until a patch is released for the flaw. The company has not stated when a patch will be ready for the vulnerability.

In the security advisory, Adobe said, ‘All currently supported shipping versions of Adobe Reader and Acrobat (Adobe Reader and Acrobat 9.1, 8.1.4, and 7.1.1 and earlier versions) are vulnerable to this issue.’

For now, the company recommends disabling the JavaScript option with the following steps:

  1. Open Acrobat or Adobe Reader
  2. Select ‘Edit’ > ‘Preferences’
  3. Choose the JavaScript category
  4. Uncheck the ‘Enable Acrobat JavaScript’ option
  5. Click OK and exit
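
To complement the steps above, this added example (not part of Adobe's advisory or the original article) scans PDF bytes for the names that attach JavaScript to a document, so files that carry scripts can be triaged. The function names and the sample document are constructed for illustration. The check is a heuristic: it handles hex-escaped names and Flate-compressed streams, but not encrypted files or other stream filters.

```python
import re
import zlib

# Constructed sample, not a real document: a catalog that runs an action on
# open, with the /JavaScript name hex-escaped as /J#61vaScript.
SAMPLE = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
          b"2 0 obj\n<< /S /J#61vaScript /JS 3 0 R >>\nendobj\n")

# Names that attach script to a PDF or trigger an action automatically.
SCRIPT_NAMES = (b"/JS", b"/JavaScript", b"/OpenAction", b"/AA")
_NAME = re.compile(rb"/[^\s/<>\[\](){}%]+")
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def _decode_name(raw):
    """Undo #xx escapes, which PDF allows for any character of a name."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def _inflated_streams(data):
    """Yield the contents of Flate-compressed streams; skip everything else."""
    for match in _STREAM.finditer(data):
        try:
            # decompressobj tolerates the end-of-line left before 'endstream'.
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue


def script_markers(data):
    """Count script-related names in the raw bytes and in inflated streams."""
    counts = {name.decode(): 0 for name in SCRIPT_NAMES}
    for blob in (data, *_inflated_streams(data)):
        for match in _NAME.finditer(blob):
            name = _decode_name(match.group(0))
            if name in SCRIPT_NAMES:
                counts[name.decode()] += 1
    return counts


def has_javascript(data):
    counts = script_markers(data)
    return counts["/JS"] > 0 or counts["/JavaScript"] > 0


if __name__ == "__main__":
    print(script_markers(SAMPLE), has_javascript(SAMPLE))
```

A hit on `/OpenAction` or `/AA` alone does not mean a script is present; those names only show that the document triggers some action automatically.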

On other PDF readers and this particular vulnerability, Graham Cluley of Sophos noted on his blog, ‘As we predicted in the Sophos 2009 Security Threat Report, hackers are increasingly looking at commonly used browser plugins like Adobe Flash and PDF in their attempts to infect innocent computer users.’

Cluley also noted that while it might be a temporary fix to switch to another PDF reader, ‘if everyone switched en masse to the same alternative to Adobe Reader, we’d all be in the same pickle again.’

Other security advisors are suggesting that JavaScript be removed from PDF readers completely as a permanent solution.


About the Author: Nettie Hartsock
