443-992-7394

Adobe Acrobat Vulnerabilities

In the last couple of weeks, Adobe has acknowledged a number of vulnerabilities in their Acrobat products, including a “Zero Day Exploit” (which means exploit code was found “in the wild” before the vulnerability was even known by the Security Community), all involving their use of JavaScript. (See this link for more details.)

What is JavaScript? Well, it’s a scripting language… essentially a relatively light programming language. It’s used in many web sites, and web-based applications.

But Acrobat is supposed to be a “cross-platform” document format, meaning that the same document can be displayed, and printed, in the same way, regardless of what computer you’re using. Windows, Mac, Linux – it doesn’t matter.

So why do we need JavaScript in an Acrobat Document?

Frankly, I’m not really sure that we do. It certainly doesn’t enhance the ability to use the basic functionality for which it was designed: Creating and reading documents.

At this point, Adobe, and other Security professionals are recommending that you just turn it off. Here’s how to do it (at least on Windows systems, but other platforms should be similar):

  1. Open Adobe Acrobat or Acrobat Reader.
  2. Click the Edit menu item.
  3. Click the Preferences menu item.
  4. In the Categories box, along the left side, look for JavaScript, and select it.
  5. Uncheck the Enable Acrobat JavaScript checkbox.
  6. Click OK.

That’s it. You can now close Acrobat, or use it for reading documents. Whatever you want.

The Internet’s a bit like the Wild Wild West. There are great opportunities out there, but it can be a dangerous place. As Michael Conrad’s character used to say after his daily briefings, in the old Hill Street Blues series, “Let’s be careful out there…”