Musings on Photography

PDF Security Issues

Posted in software by Paul Butzi on December 16, 2009


Since I’ve been banging the drum for PDF as a great format for online portfolios, etc., I feel obliged to pass on this tidbit:

A Security Advisory has been posted in regards to the Adobe Reader and Acrobat issue discussed in the Adobe PSIRT blog on December 14 (“New Adobe Reader and Acrobat Vulnerability“, CVE-2009-4324). A critical vulnerability exists in Adobe Reader and Acrobat 9.2 and earlier for Windows, Macintosh and UNIX operating systems. This vulnerability (CVE-2009-4324) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Customers should refer to the Security Advisory for information on mitigating this vulnerability. The advisory will be updated once a schedule has been determined for releasing a fix.

The problem lies with Javascript. The solution, at least until Adobe gets off their butt and fixes the problem, is to disable Javascript in Adobe Acrobat and Adobe Reader. This is particularly important if you’re running Windows XP, apparently, as the exploit allows execution of malicious code. On Macs, Vista, and WIndows 7, Adobe Reader just crashes if it’s fed a file that contains the exploit. Or at least, that’s what I’ve heard.

One Response

Subscribe to comments with RSS.

  1. photoburner said, on December 16, 2009 at 3:22 pm

    A good reason to run the NoScript plugin in Firefox, you have to explicitly allow javascipt to run on any webpage.

Comments are closed.

%d bloggers like this: