Acrobat security flaw beckons hackers; how to cut your risk
Another day, another reason to wrap yourself in a full body condom and just stay in bed. Adobe has admitted that its popular software for creating portable document format (.pdf) documents, including the most up-to-date versions, has a critical—as in you could drive a truck through there—security vulnerability.
A blog post from Adobe’s Product Security Incident Response Team (what an absurdly self-important name) informs that all currently supported shipping versions of Reader and Acrobat (versions 9.1, 8.1.4, 7.1.1 and earlier, Mac, Unix, PC) are vulnerable to this issue, which is JavaScript related.
“Adobe plans to provide updates for all supported versions for all platforms (Windows, Macintosh and Unix) to resolve this issue,” says the software giant. “We are working on a development schedule for these updates and will post a timeline as soon as possible.”
For its part, Computerworld reports that the vulnerability came to light after SecurityFocus posted a link to so-called “proof of concept” attack code (ie a hacker how to), saying, “An attacker can exploit this issue to execute arbitrary code with the privileges of the user running the application.”
Pinch between your fingers until you hear…
First off, if you don’t have to use Acrobat Reader, don’t. Apple’s Preview is a very capable .pdf viewer, is faster and uses a lot less memory that Adobe’s product. So, right click (control click) on the document you want to view, click “Open with” and then navigate to Preview.
If ya just gotta use Acrobat or Acrobat Reader, then Adobe advises turning off JavaScript support:
1. Launch Acrobat or Adobe Reader.
2. Select Preferences (⌘ + K)
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK
We know this is a serious issue because lots of folks, including Adobe, have gotten their knickers in a bunch. So, needless to say, you probably to use the above tutorial to turn off Java, which has been fingered as the source of the vulnerability, before opening and then leaving Acrobat open all day long.
Related Posts:
