Tuesday, April 28, 2009

Another Adobe Reader security hole emerges

A security flaw has been found in Adobe Reader, and experts suggest you disable JavaScript to prevent this flaw from being exploited. Friendly Computers has more information below…

Security experts are recommending that people disable JavaScript in Adobe Reader following reports of a vulnerability in the popular portable document format reader on Tuesday.

The vulnerability appears to be due to an error in the "getAnnots()" JavaScript function and exploiting it could allow someone to remotely execute code on the machine, according to an advisory from the US-CERT.

"US-CERT encourages users and administrators to disable JavaScript in Adobe Reader to help mitigate the risk," the post said. "To disable JavaScript in Adobe Reader, open the General Preferences dialog box. From the Edit-Preferences-JavaScript menu, uncheck 'Enable Acrobat JavaScript.'"

Reader 8.1.4 and 9.1 for Linux are vulnerable and other versions or platforms may also be affected, according to Security Focus.
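An added example, not part of the original article and not US-CERT or Adobe tooling: a Python triage check that flags PDF files carrying JavaScript actions, the feature the advisory recommends disabling, and any reference to getAnnots. The function names are this example's own and the sample bytes are constructed for illustration.

```python
import re
import zlib

# PDF names may hex-escape any byte (/J#61vaScript is /JavaScript), so decode first.
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
NAME = re.compile(rb"/([^\s/<>\[\](){}%]+)")
STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
JS_NAMES = {b"JS", b"JavaScript"}    # names that mark a JavaScript action
AUTO_NAMES = {b"OpenAction", b"AA"}  # actions that fire without a click

def decode_name(raw: bytes) -> bytes:
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)

def stream_bodies(data: bytes):
    """Yield each stream body, inflated when it is Flate (zlib) data."""
    for match in STREAM.finditer(data):
        body = match.group(1)
        try:
            # decompressobj ignores the end-of-line bytes before "endstream"
            yield zlib.decompressobj().decompress(body)
        except zlib.error:
            yield body  # not Flate data: scan the raw bytes instead

def triage_pdf(data: bytes) -> dict:
    buffers = [data, *stream_bodies(data)]
    names = {decode_name(n) for buf in buffers for n in NAME.findall(buf)}
    return {
        "has_javascript": bool(names & JS_NAMES),
        "auto_run": bool(names & AUTO_NAMES),
        "mentions_getAnnots": any(b"getAnnots" in buf for buf in buffers),
    }

# Constructed sample: a JavaScript action with a hex-escaped name and a
# Flate-compressed script that makes an ordinary getAnnots() call.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /OpenAction 2 0 R >> endobj\n"
    b"2 0 obj << /S /J#61vaScript /JS 3 0 R >> endobj\n"
    b"3 0 obj << /Filter /FlateDecode >>\nstream\n"
    + zlib.compress(b"var n = this.getAnnots({nPage: 0});")
    + b"\nendstream endobj\n"
)
# Constructed sample: a catalog with no actions at all.
CLEAN = b"%PDF-1.4\n1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n"

if __name__ == "__main__":
    print(triage_pdf(SAMPLE))
    print(triage_pdf(CLEAN))
```

Streams that are encrypted or use filters other than Flate are not decoded, so a negative result is not proof that a file is free of JavaScript.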

Adobe said it was aware of reports of a potential vulnerability. "We are currently investigating, and will have an update once we get more information," Adobe said on its blog.

At the RSA security conference last week, F-Secure Chief Research Officer Mikko Hypponen said Internet users should switch to using an alternative PDF reader because of the security issues with Adobe Reader. A list of them is available on the PDFReaders.org Web site.

Of the targeted attacks so far this year, more than 47 percent exploit holes in Acrobat Reader, while six vulnerabilities have been discovered that target the program, he said.

Just last month, Adobe issued a fix for an Acrobat Reader hole that attackers had been exploiting for months, after issuing a patch for a critical vulnerability in Flash Player the month before.

Source: http://news.cnet.com/8301-1009_3-10229070-83.html