Wednesday, December 16, 2009

Zero Day Vulnerability in Adobe Reader

There is a zero day security exploit for the Adobe PDF Reader that is currently out in the wild and for which there is no patch.  It exploits a vulnerability in Reader’s Javascript implementation.

Details here.

If you must use Adobe Reader you should disable Javascript until this is fixed.

  • On Windows, launch Adobe Reader and go to Edit > Preferences > JavaScript and uncheck Enable Acrobat JavaScript.
  • On a Mac, launch Adobe Reader go to the Adobe Reader menu > Preferences > JavaScript and uncheck Enable Acrobat JavaScript.


Alternative free PDF viewers are Preview.app on Mac (included with OS X), and Foxit Reader on Windows.

No comments: