Adobe: Turn off JavaScript in PDF Reader

In response to confirmed reports of a zero-day vulnerability in its PDF Reader software, Adobe today urged users on all platforms to disable JavaScript as a temporary measure to avoid code execution attacks.In sharp contrast to previous problems in responding to known security issues, the company acted swiftly to provide information on the affected software versions and offer mitigation guidance to its customers.

In response to confirmed reports of a zero-day vulnerability in its PDF Reader software, Adobe today urged users on all platforms to disable JavaScript as a temporary measure to avoid code execution attacks.

In sharp contrast to previous problems in responding to known security issues, the company acted swiftly to provide information on the affected software versions and offer mitigation guidance to its customers.

Here's what you need to know:

  • The flaw affects all currently supported shipping versions of Adobe Reader and Acrobat (Adobe Reader and Acrobat 9.1, 8.1.4, and 7.1.1 and earlier versions).
  • Adobe plans to provide updates for all affected versions for all platforms (Windows, Macintosh and Unix) to resolve this issue.

Mitigation instructions:

  1. Launch Acrobat or Adobe Reader.
  2. Select Edit>Preferences
  3. Select the JavaScript Category
  4. Uncheck the ‘Enable Acrobat JavaScript’ option
  5. Click OK

Or, in the interest of diversity, you should consider an alternative product.

Open Source | Developer
Show Comments