Adobe Warns of Reader, Acrobat Attack
itwbennett writes "Monday afternoon, Adobe 'received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild,' the company said in a post to the company's Product Security Incident Response Team blog. According to malware tracking group Shadowserver, the vulnerability is due to a bug in the way Reader processes JavaScript code. Several 'tests have confirmed this is a 0-day vulnerability affecting several versions of Adobe Acrobat [Reader] to include the most recent versions of 8.x and 9.x. We have not tested on 7.x, but it may also be vulnerable,' Shadowserver said in a post on its Web site. The group recommends that concerned users disable JavaScript within Adobe's software as a work-around for this problem. (This can be done by un-checking the 'Enable Acrobat JavaScript' in the Edit -> Preferences -> JavaScript window). 'This is legit and is very bad,' Shadowserver added."
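Since the summary above traces the bug to how Reader processes JavaScript, a defender can triage incoming PDFs for script-bearing name objects before anything opens them. The sketch below is an added example, not code from Adobe, Shadowserver or the submitter; the function names and both sample byte strings are constructed for illustration, and it normalises `#xx` name escapes so an escaped `/JavaScript` is still counted.

```python
import re
import sys

# PDF name objects that point at script or auto-run actions.
WATCHED = ("/JS", "/JavaScript", "/OpenAction", "/AA")

# A name is "/" plus regular characters (no whitespace or PDF delimiters).
_NAME = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes, so /J#61vaScript compares equal to /JavaScript."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def count_script_names(data: bytes) -> dict:
    """Count watched names in the raw bytes of a PDF.

    Limitation: names inside compressed object streams are not seen, and
    text inside a string literal can produce a false positive.
    """
    counts = {name: 0 for name in WATCHED}
    for match in _NAME.finditer(data):
        name = decode_name(match.group(0))
        if name in counts:
            counts[name] += 1
    return counts


def has_javascript(data: bytes) -> bool:
    counts = count_script_names(data)
    return counts["/JS"] > 0 or counts["/JavaScript"] > 0


# Constructed sample documents (fragments, not complete PDFs).
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_SCRIPTED = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS (void 0;) >>\nendobj\n"
)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            found = count_script_names(fh.read())
        print(path, "REVIEW" if found["/JS"] or found["/JavaScript"] else "ok", found)
```

A hit means the file carries script and deserves review in a hardened viewer; it does not by itself mean the file is malicious.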
Javascript Again (Score:4, Informative)
Limit permissions and seek alternatives? (Score:3, Informative)
Seems like deja vu, since this issue has cropped up before [sans.org], what with everything from Adobe wanting to install (at least on Mac and Windows) with system level privileges and enable javascript by default. [Tell me again, how is javascript a desirable feature for this file type?]
Which makes it a good idea to use alternatives like Preview, and Skim [sourceforge.net] (for OS X), as well as Foxit Reader [foxitsoftware.com] for Windows.
It's not like there's a paucity of options to get away from Adobe's bloatware, no matter what OS you're running.
Re:Limit permissions and seek alternatives? (Score:4, Informative)
Replying to my own last line as an informational thing:
http://en.wikipedia.org/wiki/List_of_PDF_software [wikipedia.org]
seen it, I think (Score:3, Informative)
Re:Preferences? (Score:4, Informative)
You could try the Edit -> Preferences -> JavaScript window. Here, I’ll make a little instruction sheet for you.
http://img38.imagefra.me/img/img38/1/12/15/clone53421/f_viwjj0m_1729695.jpg [imagefra.me]
Re:Anyone still has JavaScript enabled? (Score:4, Informative)
Re:seen it, I think (Score:4, Informative)
Re:Why need to view PDFs inline in the browser any (Score:3, Informative)
No, he’s advocating disabling MIME types of particularly egregious known repeat offenders.
Opening PDFs in the browser is just an extra convenience anyway. When I click a link to a PDF, it automatically downloads to the desktop and I can open it from there, if I actually wanted to download and open the PDF. I don’t need it to load inside my browser (and if I didn’t expect it, I probably won’t appreciate having to wait for the plugin to load).