Adobe is set to release a patch in their next quarterly security update that will address a zero-day exploit. The exploit has already been publicly released and can infect users through javascript in Adobe Acrobat and Reader version 9.2 and lower, mentioned in the Security Advisory - APSA09-07.
Adobe has addressed this issue and will ready a patch in their next product patch cycle, coming on January 12, 2010. The issue affects all versions of Adobe Reader and Acrobat 9.2 and lower on Windows, Mac and Linux systems.
The risk of infection is still very low and does not pose a huge threat to users, however the potential danger of a hacker shutting down your system, and compromising your computer is possbile, but unlikely.
Adobe has mentioned that if users are worried of being compromised, that they should disable javascript until the fix is released in a few weeks. Adobe did release a temporary fix for users, which will populate the javascript Blacklist Framework, modifying the users registry settings – something that will be fixed when the patch is released.
Windows users can download and install this temporary fix from Adobe. Mac and Linux users will need to follow the steps on the Macromedia website.
Download: Adobe Windows Patch
46 Comments - Add comment