Sunday, May 03, 2009

Adobe Reader Vulnerability

The Adobe Product Response Team reported:
"A Security Advisory has been posted in regards to the Adobe Reader vulnerability last mentioned in the Adobe PSIRT blog on April 28 (“Update to Adobe Reader Issue”, CVE-2009-1492). We are in the process of fixing the issue, and expect to make available product updates for the relevant supported Adobe Reader and Acrobat versions and platforms by May 12th, 2009. Adobe plans to make available Windows updates for Adobe Reader versions 9.X, 8.X, and 7.X and Acrobat versions 9.X, 8.X, and 7.X, Macintosh updates for Adobe Reader versions 9.X and 8.X and Acrobat versions 9.X and 8.X, as well as Adobe Reader for Unix versions 9.X and 8.X."
There are a couple of options available, one of which is the work-around provided by Adobe:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK
The recommended option, however, is to use an alternate reader. There are a number of open source readers available from http://pdfreaders.org/.

Sidebar:
I discontinued using Foxit PDF Reader some time ago as it now includes the Ask Toolbar and eBay desktop shortcut. It has been reported that there is reduced functionality when those add-ons are not included in the installation of Foxit.

Reference: Adobe Product Security Incident Response Team (PSIRT)




Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...

1 comment:

joe53 said...

Actually, you can still get the Foxit Reader without any trace of the toolbar or ebay link, if you download the .msi version from here:

http://www.foxitsoftware.com/pdf/reader/down_reader.htm

I do not consider this a crippled version, for my simple needs for a pdf reader.

You can update from within the program to the latest version via Help>Check for Updates> hilite Reader Update in the left section (under available updates)>Add button>Install button. This too does not install the toolbar (which is listed separately).