It has only been a little over a month since Adobe released a security update to fix the “JBIG2” hole, yet another has surfaced. According to the United States Computer Emergency Readiness Team (US-CERT), the exploit is made possible by an error in the “getAnnots()” JavaScript function. The concern is that an attacker who takes advantage of the vulnerability could remotely execute code on the compromised machine.

All presently supported versions of the PDF reader are affected, including 9.1, 8.1.4 and 7.1.1. As of now, US-CERT is encouraging users and administrators to disable JavaScript in Adobe Reader to lower the risk of falling victim. To disable JavaScript, open the General Preferences dialog box and, from the Edit-Preferences-JavaScript menu, uncheck “Enable Acrobat JavaScript.”
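Alongside that setting, administrators can triage incoming PDF files for embedded JavaScript before they reach an unpatched reader. The Python script below is an added example, not code from the original article, US-CERT or Adobe; its function names and the sample document are constructed for illustration.

```python
import re
import zlib

# PDF names may hex-escape characters, e.g. /J#61vaScript means /JavaScript.
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# Dictionary keys that introduce a JavaScript action.
JS_NAME = re.compile(rb"/(?:JavaScript|JS)(?![A-Za-z0-9])")
STREAM = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)


def inflated_streams(data):
    """Yield the contents of every stream that inflates as zlib (FlateDecode) data."""
    for match in STREAM.finditer(data):
        try:
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # not Flate data; the raw bytes are scanned anyway


def triage_pdf(data):
    """Count JavaScript markers in the raw PDF bytes and in inflated streams."""
    js_names = getannots = 0
    for chunk in [data, *inflated_streams(data)]:
        decoded = HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), chunk)
        js_names += len(JS_NAME.findall(decoded))
        getannots += chunk.count(b"getAnnots")
    verdict = "review" if js_names or getannots else "no_javascript"
    return {"js_names": js_names, "getannots_refs": getannots, "verdict": verdict}


def build_sample():
    """Constructed, benign sample: one script action with a hex-escaped name."""
    script = zlib.compress(b"var a = this.getAnnots({nPage: 0});")
    return (
        b"%PDF-1.4\n1 0 obj\n"
        b"<< /OpenAction << /S /J#61vaScript /JS 2 0 R >> >>\nendobj\n"
        b"2 0 obj\n<< /Filter /FlateDecode /Length "
        + str(len(script)).encode()
        + b" >>\nstream\n" + script + b"\nendstream\nendobj\n%%EOF\n"
    )


if __name__ == "__main__":
    print(triage_pdf(build_sample()))
```

The script only understands FlateDecode streams, so a `no_javascript` verdict does not cover encrypted files or streams that use other filters.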

Because Adobe Reader is a frequent target of malware authors, switching to an alternative PDF reader altogether may not be a bad idea, according to F-Secure Chief Research Officer Mikko Hypponen. We wholly recommend Foxit Reader as a lightweight replacement for Adobe Reader.