Critical Vulnerability in Adobe Acrobat and Acrobat Reader
30 April 2009
FastFacts
- Who: Faculty, Staff, and Students
- What: Critical vulnerability announced for Adobe Acrobat and Acrobat Reader (all versions)
- Client Action: See below
All currently supported shipping versions of Adobe Reader and Acrobat (Adobe Reader and Acrobat 9.1, 8.1.4, and 7.1.1 and earlier versions) are vulnerable to this issue. Adobe plans to provide updates for all supported versions for all platforms (Windows, Macintosh and Unix) to resolve this
issue. We are working on a development schedule for these updates and will post a timeline as soon as possible. We are currently not aware of any
reports of exploits in the wild for this issue. To mitigate the issue disable JavaScript in Adobe Reader and Acrobat using the following
instructions below:
1. Launch Acrobat or Adobe Reader
2. Select Edit> Preferences
3. Select the JavaScript Category
4. Uncheck the 'Enable Acrobat JavaScript' option
5. Click OK
UNCG Information Technology Services (ITS) recommends users perform the following actions, which may help prevent this vulnerability from being exploited: Disable JavaScript in Adobe Reader and Acrobat.
Acrobat JavaScript can be disabled in the General preferences dialog of Acrobat:
- Open the Edit menu
- Choose Preferences
- Choose JavaScript
- Uncheck 'Enable Acrobat JavaScript'
If you have any questions about or difficulties with the patch, please contact 6-TECH at (336) 256-TECH (8324) or 6-TECH@uncg.edu.