Adobe confirms PDF zero-day, urges users to kill JavaScript; F-Secure: Stop using Acrobat Reader

“Adobe Systems Inc. late yesterday acknowledged that all versions of its popular PDF software, including editions for Windows, the Mac and Linux, contain at least one, and possibly two, critical vulnerabilities,” Gregg Keizer reports for Computerworld.

“‘All currently supported shipping versions of Adobe Reader and Acrobat, [Versions] 9.1, 8.1.4 and 7.1.1 and earlier, are vulnerable to this issue,’ said David Lenoe, the company’s security program manager, in a blog entry yesterday. Lenoe was referring to a bug in Adobe’s implementation of JavaScript that went public early Tuesday,” Keizer reports.

“In lieu of a patch, Lenoe recommended that users disable JavaScript in Reader and Acrobat by selecting Preferences from the Edit menu, choosing ‘JavaScript,’ then unchecking the ‘Enable Acrobat JavaScript’ option. (On the Mac, Preferences is under the ‘Adobe Reader’ or ‘Adobe Acrobat’ menus.) That recommendation is identical to what he offered two months ago when Adobe owned up to a different critical vulnerability, one that was already being used by attackers at the time,” Keizer reports.

“Some security experts have urged users to switch PDF viewers. Finnish security company F-Secure Corp. repeated that recommendation today. ‘We’ve said it before, but it’s worth repeating — use an alternative to Adobe Acrobat Reader,’ said Patrik Runald, a security response manager at F-Secure, in a notice on the company’s site,” Keizer reports.

MacDailyNews Take: We assume that most Mac users use Safari’s inline PDF viewer and/or Preview and/or Leopard’s Quick Look to view PDFs, but for those using Adobe’s piece of s… uh, software, here ya go (and you might want to reconsider your choice of PDF viewers).
