Wednesday, February 25, 2009

Warning about security threat to Adobe Reader 9, Acrobat 9, earlier versions

I know I usually wouldn't think twice about opening up a .pdf, so I thought I'd pass this along.

Anyone with Adobe Reader 9 and Acrobat 9 and earlier versions beware! Adobe announced a "critical vulnerability" that could cause the application to crash and could potentially allow an attacker to take control of the affected system.

Adobe made the announcement last week, but says users won't be able to get a fix for it until March 11th for Adobe 9 and longer for earlier versions. That means three weeks of vulnerability any time a user opens a .pdf document.

According to Adobe's website, you can disable JavaScript to provide protection against currently known attacks. However, the vulnerability is not in the scripting engine and, therefore, disabling JavaScript does not eliminate all risk. Users can disable JavaScript by following the instructions below:

Launch Acrobat or Adobe Reader.
Select Edit>Preferences
Select the JavaScript Category
Uncheck the ‘Enable Acrobat JavaScript’ option
Click OK

Check this site for Adobe security bulletins.

For now, Sourcefire has released a homebrew patch for Adobe Reader 9.

1 comment:

  1. you should use foxit reader and not worry about it. Regards, stargazrroger
