Monday, January 4, 2010

PDF exploits now in the wild! Disable Javascript in Adobe Reader

Just read a technical explanation of how it works, and it isn't being detected by most anti-virus programs yet. If you use Adobe Reader instead of my preferred reader, Foxit Reader, follow the advise in the paragraph below:

Sophisticated, targeted malicious PDF documents exploiting CVE-2009-4324
Since this exploit has not been patched yet, I would like to urge you all to, at least, disable JavaScript in your Adobe Reader applications. We are getting more reports about PDF documents exploiting this vulnerability, and it certainly appears that the attackers are willing to customize them to get as many victims to open them as possible. Also keep in mind that such malicious PDF documents can go to a great length when used in targeted attacks – the fake PDF that gets opened can easily fool any user into thinking it was just a mistakenly sent document.

I would also disable Javascript in Foxit Reader just for safety.

No comments: