Adobe has announced a security issue with almost all versions of their Acrobat Reader software (used by lots of people to read PDF documents). Sadly, they said that a fix for the problem will not be available until at least March 11, 2009.
In the meantime, here are some things you can do to protect yourself:
- Use a different reader on your computer. I switched to Foxit Reader several months ago and have not had any problems. You can download plug-ins if you want to open PDF documents in Firefox, and if you want to enable JavaScript in Foxit Reader, you have to download an additional plugin. I recommend that you download and use it only if absolutely necessary.
- Disable Javascript in Adobe Reader. You can do this by viewing the US CERT’s Advisory for the Adobe Reader vulnerability (see Section III — Solution).
- Do not allow Internet Explorer to open and display PDF documents. The US CERT link (above) also tells you how to disable this functionality.
- Do not open PDF documents that you did not ask for. This includes email attachments (especially spam).
- Don’t download PDF documents from suspicious looking sites. In general, don’t just go “out there” on the Internet, visiting sites at random. Even after this problem is fixed, other threats will emerge.
- If you are using an older version of Adobe Reader, consider upgrading. I only know of plans to fix version 7, 8, and 9 of Adobe Reader; if you are using an older version, it may be vulnerable FOREVER. Unsupported software often contains security holes that will never be fixed, so I recommend that you not use it (this also goes for operating system software. Lots of people are still using Windows 98, for example, which has not been supported for several years now).
If you found this post useful, would you consider subscribing to my blog announcement list and telling somebody else about this post? Thanks!
Be safe,
Tom
You must log in to post a comment.