Adobe Reader Plagued by Yet Another Security Flaw


Yet another security flaw has been uncovered in Adobe Reader, probably the most popular reader software on the planet for PDF files. Adobe is currently working on a new release to address this problem. Because Adobe does not yet have a time frame for this, the advice from security experts for companies using Acrobat Reader is to disable JavaScript in order to mitigate this specific vulnerability.


An advisory from US-CERT outlined the steps needed to disable JavaScript for Adobe Reader: "Open the General Preferences dialog box. From the Edit-Preferences-JavaScript menu, uncheck 'Enable Acrobat JavaScript.'"


At this point, I want to take the opportunity to encourage SMBs to seriously think about making a permanent switch to other non-Adobe PDF readers. While it would be downright foolish to equate switching from Adobe Reader with better security, the fact is that hackers have been concentrating on the widely installed Adobe Reader software in order to achieve the best returns for their illegal activities.


Unfortunately, not all small and medium-sized businesses can afford to spare the time and personnel to constantly monitor the security situation of all the software that they are using. Given the historical interest in exploiting Adobe Reader, a switch to another PDF reader application will go a long way to reduce the chances of being the next victim of a zero-day exploit - and eliminating some of the sleepless nights for the system or security administrator.


Indeed, you will be interested to know that F-Secure Chief Research Officer Mikko Hypponen gave the same recommendation when he spoke at RSA Conference recently, pointing out that more than 47 percent of targeted attacks exploit holes in Acrobat Reader.


Incidentally, I recently wrote about a new free alternative to Adobe Reader that I have been using for over two years now. Feel free to check it out as a permanent replacement for Adobe Acrobat.


SMBs looking at other options - even open source - will want to check out PDFreaders.org.