JavaScript zero day threat found in Adobe Reader and Acrobat
I'm listening to Steve Gibson's Security Now podcast #195 where he alerts his audience to the JavaScript zero day threat found in Adobe Reader and Acrobat that can be used for a remote code execution exploit. He mentions that he can think of no reason why a PDF reader should require JavaScript, but I'm guessing that it's to support some of the multimedia functions which aren't used for the typical PDF file. I could be wrong.
Adobe addressed this problem on their blog on April 28 where they provide the temporary fix:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK
Leo Laporte, the host of the podcast, says that he's happy with Foxit Reader, which "is notable for its short load time and small filesize." But alas, pshaw and regrettably, you also have to disable its JavaScript option.
Comments