Adobe PDF - Zero Day JavaScript attacks circulating in the wild

Posted Sunday, December 20, 2009 10:00 AM by hwaldron

 Lightning Please be careful with all PDF files, keep AV protection updated, and look for future Adobe releases which will address this issue. I usually keep JS off unless it's required to fill out a PDF form.

Adobe PDF - Zero Day attack circulating
http://www.adobe.com/support/security/advisories/apsa09-07.html
http://www.avertlabs.com/research/blog/index.php/2009/12/16/another-adobe-reader-zero-day-take-care/

QUOTE: Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Adobe recommends customers follow the mitigation guidance below until a patch is available

Star HOW TO DISABLE JAVASCRIPT IN ADOBE READER

Customers can mitigate the issue by disabling JavaScript in Adobe Reader and Acrobat using the instructions below:

1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the 'Enable Acrobat JavaScript' option
5. Click OK

Comments

No Comments