Another major Adobe Reader vulnerability unearthed

By on
It has only been a little over a month since Adobe released a security update to fix the “JBIG2” hole, yet, another has surfaced. According to the United States Computer Emergency Readiness Team (US-CERT), the exploit is made possible by an error in the “getAnnots()” JavaScript function. The concern is that if an attacker takes advantage of the vulnerability, it would give them the ability to remotely execute code on the breached machine.

All presently supported versions of the PDF reader are affected, including 9.1, 8.1.4 and 7.1.1. As of now, US-CERT is encouraging users and administrators to disable JavaScript in Adobe Reader to lower the risk of falling victim. To disable JavaScript, simply open the General Preferences dialog box and from the Edit-Preferences-JavaScript menu, uncheck “Enable Acrobat JavaScript.”

As a frequent target of malware authors, switching to an alternative PDF reader altogether may not be a bad idea, according to F-Secure Chief Research Office Mikko Hypponen. We wholly recommend Foxit Reader as a lightweight replacement for Adobe Reader.

Add New Comment

TechSpot Members
Login or sign up for free,
it takes about 30 seconds.
You may also...
Get complete access to the TechSpot community. Join thousands of technology enthusiasts that contribute and share knowledge in our forum. Get a private inbox, upload your own photo gallery and more.