Adobe PDF attack update: Patch coming Jan 12

Here's a quick update to the Adobe PDF Reader/Acrobat zero-day story that broke yesterday after the company confirmed that an unpatched vulnerabilities was being attacked in the wild.

First up, an exploit has been fitted into the Metasploit point-and-click penetration testing tool and there are predictions that exploit code will be widely available within a day or two. [ SEE: Adobe confirms PDF zero-day attacks. Disable JavaScript now ]

More importantly, Adobe has finally provided official mitigation guidance and announced plans to ship a patch for this vulnerability on January 12th, 2010.

Adobe's Brad Arkin explains the thinking behind waiting until next month to ship the patch.

These are the software versions affected:

• Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX
• Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh

Here are the temporary mitigation instructions:

1. Launch Acrobat or Adobe Reader. 2. Select Edit>Preferences 3. Select the JavaScript Category 4. Uncheck the 'Enable Acrobat JavaScript' option 5. Click OK

[ SEE: How to mitigate Adobe PDF malware attacks ]

Adobe also released an Adobe Reader and Acrobat JavaScript Blacklist Framework to offer  granular control over the execution of specific JavaScript API calls.

The purpose of the Framework is to allow Adobe to protect customers against attacks that target a specific JavaScript API call, like the one referenced in Security Advisory APSA09-07.

Researchers at F-Secure have some additional information on the actual zero-day attacks, which utilize rigged PDF files.