Results 1 to 4 of 4
  1. #1
    3 Star Lounger
    Join Date
    Dec 2009
    Location
    Fresno, California, USA
    Posts
    259
    Thanks
    0
    Thanked 71 Times in 45 Posts
    I'll be updating this thread with late breaking info regarding the Adobe reader zero day. At this time there is no patch but when there is, I'll post here with my recommendations.

    Thanks in advance.

    Susan

  2. #2
    Plutonium Lounger
    Join Date
    Nov 2001
    Posts
    10,550
    Thanks
    0
    Thanked 7 Times in 7 Posts
    Here is a bit more information for those who would like to know what this is all about.

    It looks to me as though you will be safe if you have disabled Javascript in Adobe Reader, this is always a good thing to do unless you have a very good reason to enable it. You should also be protected if you have a reputable virus scanner and keep your virus signatures up to date.

  3. #3
    Silver Lounger
    Join Date
    Oct 2002
    Posts
    1,993
    Thanks
    0
    Thanked 0 Times in 0 Posts
    It would be good with a little more information, or links to pages with such information, when you decide to post, even though it's at an early stage, Otherwise one can perhaps wait with the post until there is such information.

    It's been mentioned at Adobe's PSIRT blog: New Adobe Reader and Acrobat Vulnerability [Adobe Product Security Incident Response Team (PSIRT)]. And in blog posts after that.

    There is a security bulletin released: APSA09-07 Security Advisory for Adobe Reader and Acrobat

    As Stuart mentioned, this early on one can disable JavaScript in the abovementioned Adobe products (Adobe Reader and Acrobat 9.2), if one hasn't already done that. JavaScript is, however, enabled by default, and since it is reported that the vulnerability is being actively exploited, it is critical to take a look at the settings in the software.

    The abovementioned security bulletin, the Security Advisory, will be updated, as usual, when they have scheduled a fix.

    So far a quite simple zero-day issue. As we have seen before when it comes to the PDF formart it's so far targeted attacks, in this case it's also simple to mitigate the issue.

  4. #4
    New Lounger
    Join Date
    Dec 2009
    Location
    Cook County, MN
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by StuartR View Post
    Here is a bit more information for those who would like to know what this is all about.

    It looks to me as though you will be safe if you have disabled Javascript in Adobe Reader, this is always a good thing to do unless you have a very good reason to enable it. You should also be protected if you have a reputable virus scanner and keep your virus signatures up to date.
    According to the ZDnet blog at http://blogs.zdnet.com/security/?p=5119&tag=nl.e589 , "There is little to no detection of these malicious PDF files from most of the major Antivirus vendors." ....So disable that Javascript!

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •