 How to protect yourself from the Adobe Reader PDF JavaScript Vulnerability |
Welcome Guest ( Log In | Click here to Register a free account now! )
Register a free account to unlock additional features at BleepingComputer.com
Welcome to Bleeping Computer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.
 Feb 22 2009, 12:38 AM
Post
#1
|
|
 Bleep Bleep!  Group: Admin Posts: 31,601 Joined: 24-January 04 From: USA Member No.: 3  |
 On Feb 19th Adobe released a security bulletin stating that Adobe Reader is vulnerable to javascript attacks that could allow remote control of your machine. Unfortunately, the fix for this vulnerability is scheduled to be released on March 11th, so that allows enough time for hackers and malware distributors to start ramping up the use of this vulnerability to attack your computers. At the present time there has already been reports of this vulnerability being used.To protect yourself from these types of attacks it is suggested that you disable javascript from running within PDF documents. For the vast majority of users, this will have no affect on the reading of legitimate PDF documents. It will, though, give a warning when a PDF document is trying to execute javascript and you can then decide if you would like to allow it. To protect yourself, open Adobe Reader and once it is open, click on the Edit menu option and then select Preferences. When the preferences screen opens, click on the javascript category. Then uncheck the checkbox labeled Enable Acrobat javascript. When done, your screen should look like the image below. Then press the OK button to save your settings.  javascript preferences screen in Adobe Reader Adobe Reader should now be safe from this javascript based attack. 2/26/09 Update: It appears that disabling javascript will stop most attacks, but it is still possible to exploit this vulnerability without javascript. More info here. For now it is advised that you switch to a different PDF reader. There is a good discussion on different types of PDF readers in the comments.  Link : Adobe Security Bulletin-------------------- |
 |
 
|
Posts in this topic
Grinler How to protect yourself from the Adobe Reader PDF JavaScript Vulnerability Feb 22 2009, 12:38 AM
JohnWho Replacing Adobe Reader with Foxit Reader 3.0 would... Feb 22 2009, 10:10 AM Lloyd T Thanks, Grinler! :thumbup2: Feb 22 2009, 01:00 PM Vaerli i've found adobe acrobat reader to be more of a pa... Feb 22 2009, 01:56 PM crzyallday0514 I just read the post about Adobe Reader vulnerabil... Feb 23 2009, 12:39 PM
JohnWho I just read the post about Adobe Reader vulnerabil... Feb 23 2009, 05:51 PM Jay-P VIP It sounds like a good recommendation to install Fo... Feb 23 2009, 11:17 PM Yourhighness I switched to PDF X-Change Viewer. The Programme j... Feb 24 2009, 12:35 AM Jay-P VIP Oh. Nice added idea to the mix! :) Feb 24 2009, 12:36 AM crzyallday0514 Thanks for your help and especially the suggestion... Feb 24 2009, 12:58 AM Jay-P VIP Check this out
Adobe flaw appeared last month... Feb 24 2009, 12:58 AM Lloyd T Hmm..Adobe Reader is starting to look like cheese.... Feb 24 2009, 04:25 PM Jay-P VIP :hysterical: That made my day! Feb 24 2009, 09:20 PM crzyallday0514 Okay, I've uninstalled Adobe Reader and preparing ... Feb 25 2009, 03:54 PM Jay-P VIP Use the installer if you want the work done for yo... Feb 25 2009, 03:57 PM crzyallday0514 Thanks. Constantly learning. Like it to be insta... Feb 25 2009, 04:10 PM Lloyd T Remove them, you don't need them. There should be ... Feb 25 2009, 05:12 PM Jay-P VIP Acrobat.com is simply the use of that website on y... Feb 25 2009, 09:33 PM JohnWho Here folks is a comparison of my installs of Foxit... Feb 26 2009, 10:01 AM crzyallday0514 I was shocked when I saw how big Adobe Reader was ... Feb 26 2009, 12:51 AM Jay-P VIP CCleaner has a complete uninstall feature on their... Feb 26 2009, 12:59 AM crzyallday0514 Thanks. Just got that recently so haven't yet lea... Feb 26 2009, 01:37 AM Yourhighness PDF-XChange zip file is a whole 17.91Mb, but its p... Feb 26 2009, 10:43 AM Jay-P VIP Foxit reader is amazing!
Yourhighness, I rea... Feb 26 2009, 02:34 PM JohnWho They are both good PDF readers and for the majorit... Feb 26 2009, 04:45 PM RedDawn Foxit Wants to Install Ask Toolbar
Foxit Reader h... Feb 26 2009, 08:22 PM RedDawn Another alternative PDF viewer to Adobe that I've ... Feb 26 2009, 08:25 PM RedDawn Regarding the Adobe Reader/Acrobat 0-day Vulnerabi... Feb 26 2009, 08:31 PM Jay-P VIP How about:
Xpdf Feb 26 2009, 09:17 PM Grinler Thanks for alerting us. That is not good news. T... Feb 26 2009, 09:26 PM Jay-P VIP On RedDawn about the crippleware...no it is not, a... Feb 26 2009, 09:43 PM Jay-P VIP I also posted a new topic in General chat with lin... Feb 26 2009, 09:57 PM RedDawn Ah, it seems I may have been misinformed, I don't ... Feb 26 2009, 10:12 PM Yourhighness Foxit reader is amazing!
Yourhighness, I rea... Feb 27 2009, 01:17 AM Jay-P VIP ok, very good news that we have great alternatives... Feb 27 2009, 02:13 AM scff249 That's what a part of what BC is all about! O... Feb 27 2009, 02:39 AM Jay-P VIP You said it! Great resources and free software... Feb 27 2009, 02:45 AM Grinler Though the patch most likely works properly, I am ... Feb 27 2009, 07:51 AM Jay-P VIP I wouldn't either now that I think about it!
... Feb 27 2009, 12:21 PM tylerisdabest could deleting or disabling adobe make it safe? Feb 27 2009, 12:03 PM fuzzywuzzy6 When trying to access local government or local ch... Feb 27 2009, 01:46 PM Jay-P VIP This is a hefty vulnerability, nonetheless! Feb 27 2009, 01:54 PM Caramello I think I may have already fallen prey to a hacker... Feb 27 2009, 09:09 PM Jay-P VIP If you think you may have an infection, please nav... Feb 27 2009, 10:19 PM tg1911 You've already done it.
You've posted to the Hijac... Feb 27 2009, 10:24 PM Lloyd T How do I know if I got hacked? Feb 27 2009, 11:07 PM Jay-P VIP Please note friends, that this is the second time ... Feb 28 2009, 12:26 AM VIDEOGUY! I just downloaded PDF-XChange, http://www.docu... Feb 28 2009, 10:03 PM mamamia Okay I removed adobe reader and adobe.com. How abo... Mar 1 2009, 07:56 AM Jay-P VIP Keep Adobe Flash. As far as I have heard from deve... Mar 1 2009, 08:28 AM JohnWho But, make sure you are using the most current, pat... Mar 1 2009, 10:02 AM scff249 Just got my parent's computers to switch to Foxit.... Mar 2 2009, 12:25 AM Lloyd T Finally got rid of Adobe Reader and replaced it wi... Mar 4 2009, 05:38 PM Swordie I personally find Adobe Reader to be a very bulky ... Mar 4 2009, 08:11 PM Jay-P VIP I find Adobe Reader to be bloatware. With all the ... Mar 4 2009, 09:13 PM Swordie Jay, that is a brilliant idea. Tell them about Fox... Mar 4 2009, 10:45 PM Jay-P VIP You are right. They need to know whats really good... Mar 5 2009, 12:40 AM Jay-P VIP RE: How to protect yourself from the Adobe Reader PDF JavaScript Vulnerability Mar 5 2009, 01:15 AM RedDawn [b]Zero-day Adobe PDF peril goes click free
[url... Mar 6 2009, 06:18 AM scff249 :blink: ....ouch..... Mar 8 2009, 02:16 AM -KiKi- I un-installed my Adobe Reader 8.1 just a while ag... Mar 8 2009, 04:29 PM -KiKi- Wasn't the official patch released today? Not tha... Mar 11 2009, 02:18 PM -KiKi- Okay, so far I have been happy with Foxit Reader..... Mar 12 2009, 05:58 PM JohnWho -KiKi-
Could you provide links to those PDFs that... Mar 12 2009, 09:08 PM -KiKi- -KiKi-
Could you provide links to those PDFs that... Mar 13 2009, 12:21 AM JohnWho For testing purposes, would you download one or ea... Mar 13 2009, 02:43 PM -KiKi- For testing purposes, would you download one or ea... Mar 13 2009, 05:37 PM snowdrop Bookmarking ,as I was not previously aware of this... Mar 13 2009, 03:57 PM JohnWho OK, thanks. Mar 13 2009, 07:37 PM Jay-P VIP Foxit reader is so amazingly better than Adobe Rea... Mar 13 2009, 09:17 PM black069 TAKE EXTRA CAUTION IF INSTALL OR UPDATE FOXIT READ... Mar 15 2009, 02:51 AM -KiKi- TAKE EXTRA CAUTION IF INSTALL OR UPDATE FOXIT READ... Mar 15 2009, 02:44 PM DSTM Adobe has issued a fix for the Zero Day vulnerabil... Mar 15 2009, 03:08 AM
Jay-P VIP Hello friends!
Uncheck the install for the to... Mar 15 2009, 04:27 AM  |
2 User(s) are reading this topic (2 Guests and 0 Anonymous Users)
0 Members:
| Lo-Fi Version | Time is now: 21st November 2009 - 11:23 PM |
© 2003-2009 All Rights Reserved Bleeping Computer LLC.