Update, March 11th: Adobe now has a patch for Adobe Reader 9.x and Adobe Acrobat 9.x. If you use an older family such as Adobe Reader 8.x, Adobe does not have a patch ready yet.
If you have the full-on Adobe Acrobat software (the paid version that can create PDF files, not the freebie reader), then start your Adobe software and run the Adobe Updater by clicking Help > Check For Updates.
Update: Secunia reports that it's possible to exploit Adobe's vulnerability even with JavaScript disabled. Their top suggestion: don't open PDF files if you're not sure they're trustworthy.
The bad guys have begun exploiting a vulnerability in Adobe Reader/Acrobat software. This is a cross-platform vulnerability (Windows, Linux and Mac). In the past, PDF vulnerabilities have been reached via "malvertisements" sneaked onto legit websites. Direct email of malicious PDF files is another possible attack vector.
Adobe says they'll have a patch available ~March 11th to fix it. In the meantime, if you have Adobe Reader and/or Acrobat installed, disable JavaScript.
1) start Reader (and Acrobat if you have it)
2) click Edit > Preferences
3) in the Preferences, click Javascript and uncheck the box for JavaScript.
disable JavaScript to prevent easy exploitation
Windows XP and Windows Vista users can also fully enable Data Execution Prevention to help prevent this type of attack.
Fully enable the Data Execution Prevention (WinXP/Vista/7)
- Mac: ftp://ftp.adobe.com/pub/adobe/reader/mac/9.x/9.1/(the "enu" directory contains the English-language version, by the way)
- Windows: ftp://ftp.adobe.com/pub/adobe/reader/win/9.x/9.1/ (The "enu" directory contains the English-language version. I recommend using the smallest installer, the one that's 26MB and does not include Adobe AIR)
- Linux: keep waiting, because Adobe does not have a patch ready yet :sigh:
If you have the full-on Adobe Acrobat software (the paid version that can create PDF files, not the freebie reader), then start your Adobe software and run the Adobe Updater by clicking Help > Check For Updates.
Update: Secunia reports that it's possible to exploit Adobe's vulnerability even with JavaScript disabled. Their top suggestion: don't open PDF files if you're not sure they're trustworthy.
The bad guys have begun exploiting a vulnerability in Adobe Reader/Acrobat software. This is a cross-platform vulnerability (Windows, Linux and Mac). In the past, PDF vulnerabilities have been reached via "malvertisements" sneaked onto legit websites. Direct email of malicious PDF files is another possible attack vector.
Adobe says they'll have a patch available ~March 11th to fix it. In the meantime, if you have Adobe Reader and/or Acrobat installed, disable JavaScript.
1) start Reader (and Acrobat if you have it)
2) click Edit > Preferences
3) in the Preferences, click Javascript and uncheck the box for JavaScript.
disable JavaScript to prevent easy exploitation
Windows XP and Windows Vista users can also fully enable Data Execution Prevention to help prevent this type of attack.
Fully enable the Data Execution Prevention (WinXP/Vista/7)
Last edited:
