Slashdot Mirror
Adobe Warns of Reader, Acrobat Attack
itwbennett writes "Monday afternoon, Adobe 'received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild,' the company said in a post to the company's Product Security Incident Response Team blog. According to malware tracking group Shadowserver, the vulnerability is due to a bug in the way Reader processes JavaScript code. Several 'tests have confirmed this is a 0-day vulnerability affecting several versions of Adobe Acrobat [Reader] to include the most recent versions of 8.x and 9.x. We have not tested on 7.x, but it may also be vulnerable,' Shadowserver said in a post on its Web site. The group recommends that concerned users disable JavaScript within Adobe's software as a work-around for this problem. (This can be done by un-checking the 'Enable Acrobat JavaScript' in the Edit -> Preferences -> JavaScript window). 'This is legit and is very bad,' Shadowserver added."
...was the last good Reader version, with the installer weighing in at a whopping 6MB. After that, feature creep turned it into insane bloatware. I'm willing to bet that 99.9% of PDFs out there are 5.x "compliant" and do not need these newer "features" we never really asked for in the first place.
Hey Adobe, are you listening? How about you give us JUST a Reader? I would say call it Reader Light, but you would probably get sued by many a beer company...
I agree. These security vulnerabilities appear to be a weekly occurrence. Anyone that hasn't disabled Javascript in Reader/Acrobat at this point either doesn't care about the numerous vulnerabilities or doesn't understand the risks involved.
I agree. These security vulnerabilities appear to be a daily occurrence. Anyone that hasn't disabled Javascript, Acrobat/Adobe Reader, Flash, Quicktime, Java, etc. at this point either doesn't care about the numerous vulnerabilities or doesn't understand the risks involved.