Friday, December 18, 2009

New Adobe Reader Vunerability

Adobe Acrobat has another newly discovered 0 day vulnerability.

As usual the fix is to disable JavaScript in Acrobat Reader. Adobe won't have a patch out till Jan 12.
If you have to do it network wide follow the instructions from this post I did back in October to do it via logon scripts.

Upgrade to 9.2 even though it is technically vulnerable, if you turn off JavaScript (which you should do even after the patch is out) 9.2 will let you enable JavaScript on a document by document basis as needed. (usually it is NOT necessary)

No comments: