October 14th, 2009 . by DarkFiber Consulting
Adobe has released security bulletin APSB09-15 to alert users of a critical vulnerability in Adobe Reader and Acrobat. Adobe indicates that it has received reports of active exploitation of this vulnerability. Release of an update for this vulnerability is scheduled for Tuesday, October 13.
DarkFiber Consulting encourages users and administrators to take the following actions to help mitigate the risks:
- Review Adobe Security Bulletin APSB09-15.
- Disable JavaScript in Adobe Reader and Acrobat. Acrobat JavaScript can be disabled in the General preferences dialog (Edit, Preferences, JavaScript, and un-check “Enable Acrobat JavaScript”).
Posted in Security Alerts | No Comments »
Tagged With: Acrobat Adobe • Acrobat Javascript • Adobe Acrobat • Adobe Reader • Critical Vulnerability • Reader Acrobat • Security Bulletin • Tuesday October
May 9th, 2009 . by DarkFiber Consulting
DarkFiber Consulting is aware of public reports of two vulnerabilities affecting Adobe Reader and Acrobat. The JavaScript methods customDictionaryOpen() and getAnnots() do not safely handle specially crafted arguments and can be manipulated to execute arbitrary code.
DarkFiber Consulting encourages users and administrators to disable JavaScript in Adobe Reader to help mitigate the risk:
- Open the General Preferences dialog box
- From the Edit menu, select Preferences and then choose JavaScript
- Un-check Enable Acrobat JavaScript
Additional information regarding these vulnerabilities can be found in the Adobe PSIRT blog entry and in the Vulnerability Notes Database. DarkFiber Consulting will provide additional information as it becomes available.
Posted in Security Alerts | No Comments »
Tagged With: Acrobat Javascript • Adobe Acrobat • Adobe Help • Adobe Reader • Arbitrary Code • Blog • Enable Javascript • Javascript Check • Javascript Help • Javascript Methods • Menu Javascript • Reader Acrobat • Risk • Vulnerability Notes Database