Adobe today issued a security advisory for Acrobat Reader, and there are widespread reports in the trade press that the vulnerability is actively being exploited today. If you haven't already disabled JavaScript in Adobe Reader, do so. Instructions are summarized below.
Adobe - Security Advisories: APSA09-07 - Security Advisory for Adobe Reader and Acrobat
Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Adobe recommends customers follow the mitigation guidance below until a patch is available.
.... Customers who are not able to utilize the JavaScript Blacklist functionality can mitigate the issue by disabling JavaScript in Adobe Reader and Acrobat using the instructions below:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the 'Enable Acrobat JavaScript' option
5. Click OK
- Zero Day @ ZDNet.com: Adobe confirms PDF zero-day attacks. Disable JavaScript now
Malicious hackers are exploiting a zero-day (unpatched) vulnerability in Adobe’s ever-present PDF Reader/Acrobat software to hijack data from compromised computers.
According to an advisory from Adobe, the critical vulnerability exists in Adobe Reader and Acrobat 9.2 and earlier versions. It is being exploited in the wild.
- SC Magazine US: Exploits expected to grow for Adobe Reader zero-day bug
- Security Fix: Hackers target unpatched Adobe Reader, Acrobat flaw
- US-CERT: Adobe Reader and Acrobat Remote Code Execution Vulnerability
- Network World: Adobe warns of Reader, Acrobat attack in the wild
- ISC SANS: Adobe 0-day in the wild - again