« "Try to imagine that you have two phones: one is Pre and the other one is Palm OS device" | Main | "Apple Introduces Revolutionary New Laptop With No Keyboard" »

May 08, 2009

JavaScript zero day threat found in Adobe Reader and Acrobat

I'm listening to Steve Gibson's Security Now podcast #195 where he alerts his audience to the JavaScript zero day threat found in Adobe Reader and Acrobat that can be used for a remote code execution exploit. He mentions that he can think of no reason why a PDF reader should require JavaScript, but I'm guessing that it's to support some of the multimedia functions which aren't used for the typical PDF file. I could be wrong.

Adobe addressed this problem on their blog on April 28 where they provide the temporary fix:

1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK

Leo Laporte, the host of the podcast, says that he's happy with Foxit Reader, which "is notable for its short load time and small filesize." But alas, pshaw and regrettably, you also have to disable its JavaScript option.


Comments

blog comments powered by Disqus