This is an update on the Adobe Reader vulnerability first discussed on the Adobe PSIRT blog on April 27 (“Potential Adobe Reader Issue”). All currently supported shipping versions of Adobe Reader and Acrobat (Adobe Reader and Acrobat 9.1, 8.1.4, and 7.1.1 and earlier versions) are vulnerable to this issue. Adobe plans to provide updates for the following supported versions and platforms to resolve this issue: Windows (9.x, 8.x, 7.x), Macintosh (9.x, 8.x) and Unix (9.x, 8.x). We are working on a development schedule for these updates and will post a timeline as soon as possible. We are currently not aware of any reports of exploits in the wild for this issue. To mitigate the issue disable JavaScript in Adobe Reader and Acrobat using the following instructions below:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK
In addition, Adobe is in contact with Antivirus and Security vendors on this issue in order to ensure the security of our mutual customers.
Adobe is also currently investigating the issue posted on SecurityFocus as BID 34740.
We will continue to provide updates on these issues via the Security Advisory section of the Adobe web site, as well as the Adobe PSIRT blog.
This posting is provided “AS IS” with no warranties and confers no rights.
Leave a comment