Security gaps in Adobe Reader und Acrobat
Bonn, Germany - Security experts have discovered a security gap in the Acrobat Reader and Acrobat applications from Adobe. An update to close them will likely be available in March, the German Federal Agency for Security in IT (BSI) announced. Until then, users are advised to deactivate the JavaScript functionality of both programs.
This is done under the menu item Edit/Preferences/Category JavaScript. Remove the check mark under "Enable Acrobat JavaScript."
The danger comes from manipulated PDF files that an attacker could use to exploit the vulnerability, infecting the affected machine, the BSI reports. Rigged PDF documents of this kind could be sent by e-mail or even simply integrated into a website. Adobe Reader Version 9 and earlier as well as Adobe Acrobat (Standard, Pro, and Pro Extended) Version 9 are all affected. (dpa)