Adobe PDF Reader Makes Mac OS endangered

Notes, have the last word: Adobe PDF Reader Makes Mac OS endangered






You can more that awaits you if you have a PDF file or receive an e-mail from the Annex. PDF files can run scripts on the open and perhaps your system.

Adobe Systems Inc. confirmed that two new vulnerabilities in Adobe Acrobat Reader application. The message was announced on May 4 Trustwave and other security services, who have declared themselves ready, Adobe hopes that the release of patches 12th May 2009. Weaknesses, the JavaScript functions "getAnnots () (CVE-2009-1492) and spell.customDictionaryOpen (CVE-2009-1493). After Secunia.com "getAnnots () is a JavaScript API function in Acrobat Reader and Acrobat, the distance to a Denial of Service attack by corruption of memory or execute arbitrary code via a PDF file that annotation. This is due to an entry Open action with JavaScript code, a number of arguments to the whole hand or calls.

The spell checker custom dictionary Open method is a JavaScript API, Adobe Reader 8.x - 9.1 runs in the first instance on a Linux system. It allows remote attackers to deny the services of a memory and corruption, as the "getAnnots", perhaps by arbitrary code via a PDF file. Mac users should not be too concerned about the custom Open Dictionary as, first, something that Linux. Most worrying of the two is the "getAnnots () '.

These weaknesses to a Macintosh versions 9.x Acrobat Reader - Acrobat 9.x and 8.x - 8.x to fall and have the potential for an attack by hackers and control over a vulnerable system. Simply disable JavaScript does not solve everything, but disables the JavaScript component vulnerable, but not to reduce the compromised system. The United States Computer Emergency Readiness Team (US-CERT) has recommended that the precautionary measures for those who are yet to be taken or PDF files.

Do not spontaneously PDF files from suspicious sources or distrust; Put your PDF standard manager, for an overview of the time, and disable the Adobe Reader JavaScript settings to prevent hackers exploiting flaws in the system . To do this:

(1) Run the Adobe Acrobat Reader
(2) Select "Edit" in the menu bar
(3) Select "Settings"
(4) Select the Internet tab
(5), uncheck "Display PDF in browser"

In addition, ensure that your default browser (Internet Explorer, Firefox, Safari, etc) automatically open PDF documents. Setup, load the Adobe Acrobat Reader and configure your browser to a PDF file without user interaction. To disable the browser, the display of PDF documents:

(1) Run the Adobe Acrobat Reader
(2) in the main menu, select Edit
(3) Select "Settings", click the Internet tab
(4) Uncheck "Display PDF in browser is enabled.

Do not open PDF documents in a Web browser, the possibility of an attack. The following solution for the updated version of Adobe Reader must be to protect against future vulnerabilities.

If you have a PC, other preventive measures are to US-CERT Web site, reducing the chances of attack. Currently, Adobe recognizes that a critical point, and recommends that the above steps and exercise common sense when opening PDF files. Please visit the Adobe Product Security Incident Response Team Blog for more updates on this topic.