Mitigate zero-day exploit in Adobe Reader and Acrobat 9.2

Adobe warned that hackers have exploited yet another critical Adobe Reader and Acrobat 9.2 zero-day vulnerability with an attack that’s now loose in the wild, according to security reports. Adobe now have issued a security advisory, offering users some advice on how to mitigate the problem. Security experts say the flaw lies in the way […]

Adobe warned that hackers have exploited yet another critical Adobe Reader and Acrobat 9.2 zero-day vulnerability with an attack that’s now loose in the wild, according to security reports. Adobe now have issued a security advisory, offering users some advice on how to mitigate the problem. Security experts say the flaw lies in the way Adobe's software executes JavaScript code, and Adobe offered a few workarounds: the simplest way is to turn off JavaScript in Reader and Acrobat. Security experts’ve long recommended this option, because a number of Adobe attacks already depend on use of JavaScript. To disable JavaScript, select Edit > Preferences and then pick the JavaScript category. There, users can uncheck the "Enable Acrobat JavaScript" choice. Flaw lies in Adobe Reader 9.x on Windows, Mac and Unix. Mac and Unix computers will crash when they try to open malicious files, but Adobe and outside security experts say that, so far, attack code only works on some versions of Windows. Older versions of Reader and Adobe Acrobat are also affected by the issue, Adobe said. Windows Vista and Windows 7 use a Data Execution Prevention technology that prevents attack from doing anything more than crashing Reader, Adobe noted.