Adobe / pdf bug warning

[AZZenny]

Got this from a software-QA blogger friend. It's real. I get a load of pdfs for work, and they are turning up more and more places as documents on websites.

Please read below, about a critical Adobe Reader vulnerability that can affect Windows, Mac & Linux, and may lead to the complete compromise of the operating system. The issue will take at least
two weeks to get a fix, and users will have to download the patch from Adobe to fix their system. For older versions the wait could be anywhere between 1-3 months.

There is no remediation available at the moment, so we suggest that you are ***EXTRA CAREFUL*** when opening PDF documents from unknown or suspicious sources. IT IS PREVENTABLE.


For those who haven't seen this yet, Adobe announced a critical
vulnerability in their Adobe Reader software last week. The issue is
exploited when a user has Javascript enabled within Adobe Reader and
opens a malicious PDF file. This could result in system
compromise/execution of arbitrary code. There is currently no patch for
this issue and Adobe has announced a patch will not be issued for over
two weeks. I've read some reports that indicate it affects Windows, Mac
OSX and Linux systems and it is currently being exploited in the wild. Major antivirus vendors have been notified.

For more information, please see Adobe's announcement here:

http://www.adobe.com/support/security/advisories/apsa09-01.html

Here's another site with slightly more information:

http://networkcomputing.in/Informat...Critical-Vulnerability-In-Acrobat-Reader.aspx

For information on disabling Javascript in Adobe Reader please see these
postings about changing the appropriate registry keys:

http://www.acrobatusers.com/forums/aucbb/viewtopic.php?pid=44321
http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090221

 

[Sandan]

Patch is out this morning

 

[DeAnna]

I'm now using FoxIt which is a pdf reader and a whole lot smaller file size to download.