Windows Vista and Windows 7 who have DEP enabled (that’s Data Execution Prevention) are protected from the exploit. Users who work with different operating systems are encouraged to disable JavaScript to protect against the specific known exploit. Adobe mentions that it is on the other hand possible to create an exploit that does not rely on JavaScript.

Adobe plans to resolve this issue as part of the upcoming Adobe Reader and Acrobat quarterly security update, scheduled for release on October 13. Adobe Reader and Acrobat 9.1.3 customers with DEP enabled on Windows Vista will be protected from this exploit. Disabling JavaScript also mitigates against this specific exploit, although a variant that does not rely on JavaScript could be possible. In the meantime, Adobe is also in contact with Antivirus and Security vendors regarding the issue and recommends users keep their anti-virus definitions up to date.

Probably the best protection at this point is to uninstall Adobe Reader and Adobe Acrobat and install a third party pdf viewer like Foxit Reader, muPDF or STDU Viewer. Additional information are available at the Adobe website.

Related posts

• Unofficial Adobe Reader Patch Released (4)
• Adobe Reader and Acrobat Security Updates (3)
• Critical Adobe Reader Update (4)
• Adobe Reader, Acrobat and Flash Player Zero Day Vulnerability (3)
• Adobe Reader Speedup (14)

The security updates are provided for Adobe Reader and Adobe Acrobat software products running on both Microsoft Windows and Apple Macintosh operating systems. The security bulletin that was issued yesterday contains links that point to downloads for all affected programs and operating systems.

The affected programs are:

• Adobe Reader 9.1.1 and earlier versions
• Adobe Acrobat Standard, Pro, and Pro Extended 9.1.1 and earlier versions

Adobe recommends users of Adobe Reader and Acrobat update their product installations to versions 9.1.2, 8.1.6, or 7.1.3 using the instructions above to protect themselves from potential vulnerabilities. The above updates apply to Windows and Macintosh. Security updates for Adobe Reader on the UNIX platform will be available on June 16, 2009; this Bulletin will be updated to reflect their availability on that date.

Security conscious users might want to consider switching from Adobe Reader to a third party application like Foxit Reader, Sumatra PDF or PDF-Xchange Viewer.

Related posts

• Adobe Reader, Acrobat and Flash Player Zero Day Vulnerability (3)
• Adobe Reader Security Vulnerabilities (4)
• Adobe Reader and Acrobat Critical Security Update (1)
• Unofficial Adobe Reader Patch Released (4)
• Critical Adobe Reader Update (4)

Most users probably do not mind the regular automatic update checks but some might prefer to update the Adobe software products manually. This is important in business environments where patches are extensively tested before applied to client machines.

It is actually not a big problem to disable Adobe Updater if an Internet connection is available. All that needs to be done is to execute the Adobe_Updater.exe file that is located in the Program Files\Common Files\Adobe\Updater6 directory on the hard drive. The application will perform an update check and notify the user about updates. The updates won’t be installed however until the user clicks on the Download And Install Updates button.

A click on Preferences will load the configuration screen shown in the above screenshot. Unchecking the “Automatically check for Adobe updates” box will do the trick. Mac OSX users can basically do the same. The location of the Adobe Updater program on their system is /Applications/Utilities/Adobe Utilities/Adobe Updater5/.

Related posts

• Adobe Reader Security Vulnerabilities (4)
• Adobe Reader and Acrobat Security Updates (3)
• Adobe Reader and Acrobat Critical Security Update (1)
• You’d be Stupid Not To… (31)
• Unofficial Adobe Reader Patch Released (4)

Adobe Reader 9 and Acrobat 9 as well as Adobe Reader 7.1.0 and Acrobat 7.1.0 are not affected by the security vulnerability. The vulnerability causes the applications to crash which can allow an attacker to take control of the host system.

Downloads are available that fix the security vulnerability in Adobe Reader 8 for Windows and Macintosh computers. Take a look at the security bulletin issued by Adobe if you are using Adobe Acrobat or a previous version of one of the products to find the links pointing to updates for your product.

Related posts

• Adobe Reader and Acrobat Security Updates (3)
• Adobe Reader, Acrobat and Flash Player Zero Day Vulnerability (3)
• Adobe Reader Security Vulnerabilities (4)
• Unofficial Adobe Reader Patch Released (4)
• Of Cracks, Hacks And Jailbreaks (2)