Tuesday, December 15, 2009

Adobe Reader Security Advisory today - disable JavaScript NOW

Adobe today issued a security advisory for Acrobat Reader, and there are widespread reports in the trade press that this is actively being exploited today. If you haven't already disabled Javascript in Adobe Reader, do so.  Instructions are summarized below.

Adobe - Security Advisories: APSA09-07 - Security Advisory for Adobe Reader and Acrobat
Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Adobe recommends customers follow the mitigation guidance below until a patch is available.

.... Customers who are not able to utilize the JavaScript Blacklist functionality can mitigate the issue by disabling JavaScript in Adobe Reader and Acrobat using the instructions below:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the 'Enable Acrobat JavaScript' option
5. Click OK

No comments: