23/02/2009 10:00:00 a.m.

Adobe Acrobat security warning

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

There is currently no patch for this issue and Adobe is expecting to release one for Adobe Reader and Acrobat version 9 on about the 11 March 2009. Patches for version 8 and 7 will follow subsequently.

 

How to protect yourself until 11 March

• Do not access PDF documents from untrusted sources.
• Do not open unfamiliar or unexpected PDF documents, particularly those hosted on web sites or delivered as email attachments.
• Disable JavaScript in Adobe Reader and Acrobat. 
  Disabling Javascript may prevent this vulnerability from being exploited.  Some vendors ship javascript support in a separate package. Removing this package may remove javascript support in the Adobe PDF Reader.
• Disable the displaying of PDF documents in the web browser Preventing PDF documents from opening inside a web browser may mitigate this vulnerability. If this workaround is applied to updated versions of the Adobe reader, it may mitigate future vulnerabilities.

To disable Javascript in Adobe Acrobat:

1. Open Adobe Acrobat Reader
2. Open the Edit menu
3. Choose the preferences option
4. Choose the Javascript section
5. Un-check the "Enable Acrobat Javascript" check box.

To prevent PDF documents from automatically being opened in a web browser:

1. Open Adobe Acrobat Reader
2. Open the Edit menu
3. Choose the preferences option
4. Choose the Internet section
5. Un-check the "Display PDF in browser" check box.

Read more about this security issue on the Adobe website.