Managing JavaScript Execution in the Acrobat Family of Products

| No Comments

JavaScript support is one of Acrobat’s and Adobe Reader’s most powerful features, and Adobe provides several controls that enable tuning application behavior so that JavaScript (JS) executes within your desired level of security. The mitigation for the recent Security Advisory discusses the JavaScript Blacklist Framework.

 

I’ve composed a "Required Reading" list for developers and IT managers who need to get a handle on how the Blacklist works. The mitigation TechNote for Security Advisory – APSA09-07 describes how to mitigate the vulnerability but doesn’t give the big picture on how surgical you can get with controlling JavaScript so you don’t need to disable it completely. Take a look at the documents below.

 

Required Reading:

  Managing JavaScript Execution in the
Acrobat Family of Products

  Adobe Reader and Acrobat JavaScript Blacklist Framework

  Adobe Reader and Acrobat JavaScript Blacklist Framework Mitigation for Security Advisory – APSA09-07