Adobe Reader/Acrobat Critical Vulnerability

Adobe Reader/Acrobat Critical Vulnerability
A critical vulnerability has been discovered in the JavaScript handling within Adobe Reader and Acrobat versions 9.1 and earlier. According to the announcement, Adobe expects to make available Windows updates for Adobe Reader versions 9.X, 8.X, and 7.X and Acrobat versions 9.X, 8.X, and 7.X, Macintosh updates for Adobe Reader versions 9.X and 8.X and Acrobat versions 9.X and 8.X, as well as Adobe Reader for Unix versions 9.X and 8.X, by May 12th, 2009. Additionally, there is a second vulnerability specific to Adobe Reader for Unix that will be resolved by this update as well. In the meantime, you can perform mitigation steps by disabling JavaScript in Reader and Acrobat: Launch Acrobat or Adobe Reader. Select Edit>Preferences Select the JavaScript Category Uncheck the ‘Enable Acrobat JavaScript’ option Click OK Ref: http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1492 http://cve.mitre.org/cgi-bin/cvename.cgi?name=2009-1493 Remember back when we used to tell people to PDF documents because it was safer than dealing with MS Office? (Thanks to "roseman" for the tip...) Tom Liston - InGuardians - Handler on Duty	Tom 160 Posts ISC Handler
Subscribe	May 4th 2009 1 decade ago
What is it about Adobe and Patch Tuesday? Do not the majority of people who use Adobe Reader and Acrobat run them on Windows? Does Adobe not know when Patch Tuesday is? Does it not occur to Adobe that system administrators and workstation automation deployment folks are a limited resources. That clone works well in prototype OO languages, but doesn't work so well on people. This is the second time in a row that Adobe has decided to resolve a zero-day by squaring my stress level on the second Tuesday of the month. Thanks, Adobe!	Anonymous
Quote	May 4th 2009 1 decade ago