Critical vulnerabilities in Adobe Reader: Disable JavaScript!

Two new critical vulnerabilities affect Acrobat Reader on Linux, Windows and Mac. Until a patch is delivered, the publisher recommends disabling JavaScript.

Two flaws have been found in Acrobat Reader, Adobe's well-known PDF reader. Rated “highly critical” by the security monitoring site Secunia, they are tied to two JavaScript functions: Spell.customDictionaryOpen and getAnnots. Used in a PDF document, they would allow a malicious person to execute arbitrary code on a remote machine once the file is opened.
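
One way to find documents that carry JavaScript or mention either function name, added here as an example and not taken from Adobe, Secunia or the original article: it scans a PDF's bytes, looks inside Flate-compressed streams and undoes hex-escaped names. The helper names and the sample documents are constructed for illustration; other stream filters and encrypted files are assumed out of scope.

```python
import re
import zlib

# API names taken from the article; matched case-insensitively.
WATCHED_APIS = (b"customDictionaryOpen", b"getAnnots")
JS_NAMES = (b"/JS", b"/JavaScript")  # PDF name tokens used by JavaScript actions
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)


def decode_names(data):
    """Undo #xx hex escapes, which PDF permits in name tokens (/J#53 is /JS)."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data):
    """Return the content of every stream that decompresses as Flate (zlib)."""
    out = []
    for match in STREAM_RE.finditer(data):
        try:
            out.append(zlib.decompressobj().decompress(match.group(1)))
        except zlib.error:
            continue  # not Flate or damaged; the raw bytes are still scanned
    return out


def triage_pdf(data):
    """Report JavaScript markers and watched API names found in a PDF's bytes."""
    regions = [decode_names(r) for r in [data] + inflate_streams(data)]
    has_js = any(re.search(re.escape(n) + rb"(?![A-Za-z0-9])", r)
                 for n in JS_NAMES for r in regions)
    apis = sorted({a.decode() for a in WATCHED_APIS
                   for r in regions if a.lower() in r.lower()})
    return {"has_javascript": has_js, "watched_apis": apis}


def build_sample(script, compress):
    """Constructed PDF fragment for the demo (not a complete, valid PDF)."""
    body = zlib.compress(script) if compress else script
    flt = b"/Filter /FlateDecode " if compress else b""
    return (b"%PDF-1.4\n1 0 obj\n<< /S /JavaScript /J#53 2 0 R >>\nendobj\n"
            b"2 0 obj\n<< " + flt + b"/Length %d >>\nstream\n" % len(body)
            + body + b"\nendstream\nendobj\n")


if __name__ == "__main__":
    print(triage_pdf(build_sample(b"var a = this.getAnnots();", True)))
    print(triage_pdf(build_sample(b"app.alert('hello');", False)))
```

A hit on a watched name only marks the file for review, since both functions also appear in legitimate documents.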

Both holes were found by a hacker named Arr1val, who has published the proof on the web. They affect all recent versions of Acrobat Reader, from 7.1 to 9.1, on every platform: Windows as well as Linux and Mac.

For the moment no patch corrects these flaws; the publisher is working on one. In the meantime, it recommends turning off JavaScript in the reader. To do this, go to Edit > Preferences > JavaScript. Another solution is to uninstall Acrobat Reader and replace it with alternative software such as Foxit Reader. Other PDF readers are listed on the site

Software to ban from the enterprise

By coincidence, these two new vulnerabilities were discovered just a week after the RSA conference, during which the use of Adobe Reader in business was sharply questioned by Mikko Hypponen, director of the research laboratories at F-Secure. He recommends banning this software from corporate environments because it is too often prone to vulnerabilities.

