Scope (?):  All Topics
Hot or Not?

Adobe PDF attack update: Patch coming Jan 12

submitted on December 17, 2009 by HouTex in "Member's Lounge"
Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild.

Adobe plans to make available an update to Adobe Reader and Acrobat by January 12, 2010 to resolve the issue.

These are the software versions affected:

Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX
Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh

Adobe recommends temporary mitigation until a patch is available. Here are the instructions:


1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK

Or you can use an alternate PDF reader like Foxit, Sumatra, PDF-Xchange, CoolPDF or eXPert PDF.

At , F-Secure Labs posted screens showing that when the PDF file is opened in Adobe Acrobat/Reader it attempts to download an executable file.


Leave a Comment (members Sign in to comment)


E-Mail (will not be published)

2 x 3 = ?


'Mr Green''Neutral''Twisted''Arrow''Eek''Smile''Confused''Cool''Evil''Big Grin''Idea''Red Face'



Browse by tags