A recently discovered vulnerability in Adobe Reader allows an attacker to compromise the system with the privileges of the user running Reader. The vulnerability occurs because of the way Reader parses PDF files. Opening a malicious PDF file may trigger the bug, causing exploitation.
Attacks using this vulnerability have been seen in the wild. There are reports that adversaries are actively targeting a number of users, for exploitation.
The only known workaround to date is to disable Acrobat JavaScript. Any user can disable Adobe JavaScript by following these simple steps:
1. Start Adobe Reader.
2. Select Edit, then Preferences from the menu. The Preferences dialog box opens.
3. Select JavaScript from the list of Categories to the left.
4. Click to uncheck the option “Enable Acrobat JavaScript.”
5. Click OK.
For more details about this vulnerability and a video demonstration of the steps to disable Adobe JavaScript, please visit the following posting on SecurityOrb.com: http://www.securityorb.com/
No comments:
Post a Comment