Secunia is reporting that disabling JavaScript does not prevent exploitation of the Adobe Reader/Acrobat 0-Day Vulnerability:
"During our analysis, Secunia managed to create a reliable, fully working exploit (available for Secunia Binary Analysis customers), which does not use JavaScript and can therefore successfully compromise users, who may think they are safe because JavaScript support has been disabled.In addition to the caution advised by Secunia, it is still advisable to block JavaScript. This can be accomplished on Firefox with NoScript. In addition, WinPatrol users can block the ActiveX. Merely click on the ActiveX tab in WinPatrol, sort by company name to find the Adobe components. Then select the Acrobat reader and click on Disable.
All users of Adobe Reader/Acrobat should therefore show extreme caution when deciding which PDF files to open regardless of whether they have disabled JavaScript support or not. Hopefully, Adobe will be issuing patches very soon."
No comments:
Post a Comment