Slashdot Mirror

← Back to Stories (view on slashdot.org)

Adobe Warns of Reader, Acrobat Attack

Posted by timothy on from the gnome's-reader's-pretty-good-y'know dept.

itwbennett writes "Monday afternoon, Adobe 'received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild,' the company said in a post to the company's Product Security Incident Response Team blog. According to malware tracking group Shadowserver, the vulnerability is due to a bug in the way Reader processes JavaScript code. Several 'tests have confirmed this is a 0-day vulnerability affecting several versions of Adobe Acrobat [Reader] to include the most recent versions of 8.x and 9.x. We have not tested on 7.x, but it may also be vulnerable,' Shadowserver said in a post on its Web site. The group recommends that concerned users disable JavaScript within Adobe's software as a work-around for this problem. (This can be done by un-checking the 'Enable Acrobat JavaScript' in the Edit -> Preferences -> JavaScript window). 'This is legit and is very bad,' Shadowserver added."

8 of 195 comments (clear)

  1. Javascript Again by Anonymous Coward · · Score: 4, Informative

    If you have to use Reader, ALWAYS disable Javascript. It always seems like that's was these exploits use. Or use one of the many PDF reader alternatives.

  2. Limit permissions and seek alternatives? by oDDmON+oUT · · Score: 2, Informative

    Seems like deja vu, since this has issue cropped up before, what with everything from Adobe wanting to install (at least on Mac and Windows) with system level privileges and enable javascript by default. [Tell me again, how is javascript a desirable feature for this file type?]

    Which makes it a good idea to use alternatives like Preview, and Skim (for OS X), as well as Foxit Reader for Windows.

    It's not like there's a paucity of options to get away from Adobe's bloatware, no matter what OS you're running.

    --
    Some days it's just not worth
    chewing through my restraints.
    1. Re:Limit permissions and seek alternatives? by oDDmON+oUT · · Score: 3, Informative

      Replying to my own last line as an informational thing:

      http://en.wikipedia.org/wiki/List_of_PDF_software

      --
      Some days it's just not worth
      chewing through my restraints.
  3. seen it, I think by 1u3hr · · Score: 2, Informative

    I was browsing a soft porn site and suddenlty Acrobat launched, then crashed. So it looks like someone really is trying to use this. Since I use Acrobat 4, I think I'm safe from this. (I need a full version of Acrobat for DTP, and version 4 does the job, and quite quickly. If I need to open a later version file I use FoxIt.)

    1. Re:seen it, I think by StuartHankins · · Score: 3, Informative

      Sounds like you need NoScript and AdBlock.

  4. Re:Preferences? by clone53421 · · Score: 3, Informative

    You could try the Edit -> Preferences -> JavaScript window. Here, I’ll make a little instruction sheet for you.

    http://img38.imagefra.me/img/img38/1/12/15/clone53421/f_viwjj0m_1729695.jpg

    --
    Alexander Peter Kristopeit bought his basement from his mommy for one dollar.
  5. Re:Anyone still has JavaScript enabled? by Zumbs · · Score: 3, Informative

    Your wish is my command: http://www.oldversion.com/Acrobat-Reader.html.

    --
    The truth may be out there, but lies are inside your head
  6. Re:Why need to view PDFs inline in the browser any by clone53421 · · Score: 2, Informative

    No, he’s advocating disabling MIME types of particularly egregious known repeat offenders.

    Opening PDFs in the browser is just an extra convenience anyway. When I click a link to a PDF, it automatically downloads to the desktop and I can open it from there, if I actually wanted to download and open the PDF. I don’t need it to load inside my browser (and if I didn’t expect it, I probably won’t appreciate having to wait for the plugin to load).

    --
    Alexander Peter Kristopeit bought his basement from his mommy for one dollar.