DarkFiber Consulting – IT Managed Services

Adobe Releases Security Bulletin for Critical Vulnerability

October 14th, 2009 . by DarkFiber Consulting

Adobe has released security bulletin APSB09-15 to alert users of a critical vulnerability in Adobe Reader and Acrobat. Adobe indicates that it has received reports of active exploitation of this vulnerability. Release of an update for this vulnerability is scheduled for Tuesday, October 13.

DarkFiber Consulting encourages users and administrators to take the following actions to help mitigate the risks:

  • Review Adobe Security Bulletin APSB09-15.
  • Disable JavaScript in Adobe Reader and Acrobat. Acrobat JavaScript can be disabled in the General preferences dialog (Edit, Preferences, JavaScript, and un-check “Enable Acrobat JavaScript”).

Adobe Reader and Acrobat JavaScript Vulnerabilities

May 9th, 2009 . by DarkFiber Consulting

DarkFiber Consulting is aware of public reports of two vulnerabilities affecting Adobe Reader and Acrobat. The JavaScript methods customDictionaryOpen() and getAnnots() do not safely handle specially crafted arguments and can be manipulated to execute arbitrary code.

DarkFiber Consulting encourages users and administrators to disable JavaScript in Adobe Reader to help mitigate the risk:

  1. Open the General Preferences dialog box
  2. From the Edit menu, select Preferences and then choose JavaScript
  3. Un-check Enable Acrobat JavaScript

Additional information regarding these vulnerabilities can be found in the Adobe PSIRT blog entry and in the Vulnerability Notes Database. DarkFiber Consulting will provide additional information as it becomes available.