Vulnerabilities in Adobe Reader and Acrobat may allow an attacker to take control of your computer. Adobe has released a bulletin to address these issues.
Upgrade
Adobe recommends that users with version 8 of Adobe Reader or Acrobat upgrade to version 8.1.3. Links to these versions are available in the security bulletin.
Disable JavaScript in Adobe Reader and Acrobat
Disabling JavaScript in Adobe Reader and Acrobat may prevent this vulnerability from being exploited. In Acrobat Reader, JavaScript can be disabled in the General preferences dialog:
- Open the Edit menu
- Choose the Preferences option
- Choose the JavaScript option
- De-select "Enable Acrobat JavaScript"
In "Security update available for Adobe Reader 8 and Acrobat 8," Adobe addresses vulnerabilities that affect some versions of Reader and Acrobat. By convincing a user to download a malicious PDF file, an attacker could execute code or cause a computer to crash. The malicious file could be downloaded by just visiting a malicious website that contains the file.
For more technical information, see US-CERT Technical Cyber Security Alert TA08-309A.
- Security Update available for Adobe Reader 8 and Acrobat 8 - <http://www.adobe.com/support/security/bulletins/apsb08-19.html>
- US-CERT Technical Cyber Security Alert TA08-309A - <http://www.us-cert.gov/cas/techalerts/TA08-309A.html>
- Securing Your Web Browser - <http://www.us-cert.gov/reading_room/securing_browser/>
Feedback can be directed to US-CERT.
Produced 2008 by US-CERT, a government organization. Terms of use
Revision History
November 04, 2008: Initial release