How to protect yourself from the Adobe Reader PDF JavaScript Vulnerability Options

[Grinler]

On Feb 19th Adobe released a security bulletin stating that Adobe Reader is vulnerable to javascript attacks that could allow remote control of your machine. Unfortunately, the fix for this vulnerability is scheduled to be released on March 11th, so that allows enough time for hackers and malware distributors to start ramping up the use of this vulnerability to attack your computers. At the present time there has already been reports of this vulnerability being used.

To protect yourself from these types of attacks it is suggested that you disable javascript from running within PDF documents. For the vast majority of users, this will have no affect on the reading of legitimate PDF documents. It will, though, give a warning when a PDF document is trying to execute javascript and you can then decide if you would like to allow it. To protect yourself, open Adobe Reader and once it is open, click on the Edit menu option and then select Preferences. When the preferences screen opens, click on the javascript category. Then uncheck the checkbox labeled Enable Acrobat javascript. When done, your screen should look like the image below. Then press the OK button to save your settings.

javascript preferences screen in Adobe Reader

Adobe Reader should now be safe from this javascript based attack.

2/26/09 Update: It appears that disabling javascript will stop most attacks, but it is still possible to exploit this vulnerability without javascript. More info here. For now it is advised that you switch to a different PDF reader. There is a good discussion on different types of PDF readers in the comments.

Link : Adobe Security Bulletin

[JohnWho]

Replacing Adobe Reader with Foxit Reader 3.0 would resolve that issue, too, wouldn't it?

[Lloyd T]

Thanks, Grinler!

[Vaerli]

i've found adobe acrobat reader to be more of a pain than it's ever been a help. .pdf files are annoying.. but i recently got it on my computer for some manuals. I might just remember foxit next time i wipe my hard drive.

[crzyallday0514]

I just read the post about Adobe Reader vulnerability. I unchecked JavaScript but I'm thinking it might be best to get Foxit Reader 3.0. If I decide to go with Foxit Reader am I going to be able to read all PDFs? As you can tell, I am no at all knowledgeable about any of this. Also, what do I need to know about uninstalling Adobe Reader and all its files?

[JohnWho]

I just read the post about Adobe Reader vulnerability. I unchecked JavaScript but I'm thinking it might be best to get Foxit Reader 3.0. If I decide to go with Foxit Reader am I going to be able to read all PDFs?

Yes, you should be able to read all PDFs just as you could would Adobe Reader.

As you can tell, I am no at all knowledgeable about any of this. Also, what do I need to know about uninstalling Adobe Reader and all its files?

In Control Panel, "add/remove programs" or "Programs and Features", you can uninstall it.

I would re-boot at that point, and then install Foxit Reader. While probably not necessary, it is always a good practice, in my opinion. Every once in awhile an uninstall may not go well, and this helps avoid any problem.

Enjoy.

[Jay-P VIP]

It sounds like a good recommendation to install Foxit reader and use it instead or Adobe Reader. Thanks for the tips, friends!

[Yourhighness]

I switched to PDF X-Change Viewer. The Programme just offers even more features and is freeware too . Of course it will avoid the adobe vulnerability, but the more popular software gets, the more likely it becomes targeted in the long run too.

-edit- a feature overview here: http://www.docu-track.com/FeatureChartEU.pdf

This post has been edited by Yourhighness: Feb 24 2009, 12:37 AM

[Jay-P VIP]

Oh. Nice added idea to the mix!

[crzyallday0514]

Thanks for your help and especially the suggestion about re-booting. Nice to know you're keeping "an eye out...". Almost jumped out of my seat when I saw that thing. Oops, I hope that's not your real eye...if so, it's a real nice one.

[Jay-P VIP]

Check this out

Adobe flaw appeared last month!

[Lloyd T]

Hmm..Adobe Reader is starting to look like cheese...I should really consider replaicing it with another alternative.

[Jay-P VIP]

That made my day!

[crzyallday0514]

Okay, I've uninstalled Adobe Reader and preparing to download Foxit 3.0. Went on site and there are 3 files and don't know which I'm supposed to download. 3 files are: installer.exe (which I know I have to have); Zip package, and .msi. I'm thinking the Zip package will have everything I need but got confused because there were 3 downloads. Sure ya'll are getting really tired of having to answer my questions, but OMG how I do appreciate it!!

[Jay-P VIP]

Use the installer if you want the work done for you.

Use the zip file if you want to scan the files of this program before it is installed. (Advantage of Zip files is the ability of scanning files before they are installed, prevents malware invasions)