Network Computing Dark Reading

Advertise

Perimeter

Guest Blog // Selected Security Content Provided By Sophos
What's This?

4/29/2009
01:48 AM

Graham Cluley
Security Insights

0 comments
Comment Now

50%

Zero-Day Flaw Hits All Versions Of Adobe PDF Reader

I can't put this any more plainly: If you use Adobe Reader, I urge you to disable its JavaScript support today.

I can't put this any more plainly: If you use Adobe Reader, I urge you to disable its JavaScript support today.A serious security vulnerability has been found in all versions of Adobe's ubiquitous PDF reading software that could allow hackers to run unauthorized code to execute on your computer.

According to a blog post from Adobe's security response team, all currently supported shipping versions of Adobe Reader and Acrobat (Adobe Reader and Acrobat 9.1, 8.1.4, 7.1.1, and earlier versions) are vulnerable.

Yes, that means this advice is for you whether you use Windows, Macintosh, or Unix.

Users are advised to disable JavaScript in Adobe Reader and Acrobat by following these instructions:

1. Launch Acrobat or Adobe Reader. 2. Select Edit/Preferences 3. Select the JavaScript Category 4. Uncheck the 'Enable Acrobat JavaScript' option 5. Click OK

Why most people would ever need JavaScript support inside their PDF readers is another matter entirely. Seems to me like a time bomb that was always waiting to explode.

In my view it would be safer if a wider variety of PDF readers were in use, rather than the vast majority of computer users all relying on Adobe. A list of alternative (and free) PDF readers can be found at pdfreaders.org/

It's not that alternative PDF readers can't have bugs and serious security issues. They can. But at least it would mean a more diverse environment that would make life trickier for the hackers.

Graham Cluley is senior technology consultant at Sophos, and has been working in the computer security field since the early 1990s. When he's not updating his other blog on the Sophos Website, then you can find him on Twitter at @gcluley. Special to Dark Reading.

Comment |

Email This |

Print |

RSS

More Insights

Webcasts

Developing and Managing an Endpoint Security Strategy for Your Enterprise

[UC Security] How Analytics Addresses the Threats You Don't Know About

More Webcasts

White Papers

In Today's Age of Digital Transformation, How Does Your Firewall Measure Up?

2019 Malware Trends of the Phishing Landscape

More White Papers

Reports

The Future of Network Security is in the Cloud

2019 SANS Incident Response Survey Report

More Reports

Comments

Newest First | Oldest First | Threaded View

[close this box]

Be the first to post a comment regarding this story.

Hot Topics

Editors' Choice

How Attackers Used Look-Alike Domains to Steal $1 Million From a Chinese VC

Jai Vijayan, Contributing Writer, 12/6/2019

US Sets $5 Million Bounty For Russian Hacker Behind Zeus Banking Thefts

Jai Vijayan, Contributing Writer, 12/5/2019

VPN Flaw Allows Criminal Access to Everything on Victims' Computers

Dark Reading Staff 12/5/2019

Live Events

Webinars

[Video] Shaping the Future of IT CIO Lightning Series - Interop19

[Video] An (Ir)rational Approach to Interoperability - Interop19

Cisco & Amazon Web Services to Keynote at Enterprise Connect 2020

More Informa Tech Live Events

White Papers

Splunk Security Predictions 2020

In Today's Age of Digital Transformation, How Does Your Firewall Measure Up?

2019 Malware Trends of the Phishing Landscape

SANS Report: Cloud Security Survey

Definitive Guide to Securing DevOps

More White Papers

Video

All Videos

Cartoon Contest

Write a Caption, Win a Starbucks Card! Click Here

Latest Comment: Our Endpoint Protection system is a little outdated...

Cartoon Archive

Current Issue

The Year in Security: 2019

This Tech Digest provides a wrap up and overview of the year's top cybersecurity news stories. It was a year of new twists on old threats, with fears of another WannaCry-type worm and of a possible botnet army of Wi-Fi routers. But 2019 also underscored the risk of firmware and trusted security tools harboring dangerous holes that cybercriminals and nation-state hackers could readily abuse. Read more.

Download This Issue!

Back Issues | Must Reads

Flash Poll

All Polls

Reports

Rethinking Enterprise Data Defense

Frustrated with recurring intrusions and breaches, cybersecurity professionals are questioning some of the industry’s conventional wisdom. Here’s a look at what they’re thinking about.

Download Now!

Assessing Cybersecurity Risk in Today's Enterprise

0 comments

2019 Online Malware and Threats

0 comments

The State of IT Operations and Cybersecurity Operations

0 comments

More Reports

Twitter Feed

Tweets about "from:DarkReading OR @DarkReading"

Bug Report

Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database

CVE-2019-16246
PUBLISHED: 2019-12-12

Intesync Solismed 3.3sp1 allows Local File Inclusion (LFI), a different vulnerability than CVE-2019-15931. This leads to unauthenticated code execution.

CVE-2019-17358
PUBLISHED: 2019-12-12

Cacti through 1.2.7 is affected by multiple instances of lib/functions.php unsafe deserialization of user-controlled data to populate arrays. An authenticated attacker could use this to influence object data values and control actions taken by Cacti or potentially cause memory corruption in the PHP ...

CVE-2019-17428
PUBLISHED: 2019-12-12

An issue was discovered in Intesync Solismed 3.3sp1. An flaw in the encryption implementation exists, allowing for all encrypted data stored within the database to be decrypted.

CVE-2019-18345
PUBLISHED: 2019-12-12

A reflected XSS issue was discovered in DAViCal through 1.1.8. It echoes the action parameter without encoding. If a user visits an attacker-supplied link, the attacker can view all data the attacked user can view, as well as perform all actions in the name of the user. If the user is an administrat...

CVE-2019-19198
PUBLISHED: 2019-12-12

The Scoutnet Kalender plugin 1.1.0 for WordPress allows XSS.

To save this item to your list of favorite Dark Reading content so you can find it later in your Profile page, click the "Save It" button next to the item.

If you found this interesting or useful, please use the links to the services below to share it with other readers. You will need a free account with each service to share an item via that service.
Tweet This
[close this box]