Last month, Adobe’s Product Security Incident Response Team (PSIRT) announced potential vulnerability in Adobe Reader 9.1 and 8.1.4 and had urged users on all platforms to disable JavaScript.
Since then, many have been eagerly awaiting Adobe security patches so that the issue can be fixed. Adobe has set a May 12 date for the delivery of patches to fix the vulnerability in its Adobe Reader and Acrobat software products.
PSIRT says:
“We are in the process of fixing the issue, and expect to make available product updates for the relevant supported Adobe Reader and Acrobat versions and platforms by May 12th, 2009.
Additionally, we have confirmed the second vulnerability (CVE-2009-1493) for Adobe Reader for Unix. This issue will be resolved in the upcoming Adobe Reader for Unix updates. Currently, we have not been able to reproduce an exploitable scenario for Windows and Macintosh, but we will continue to investigate.”
Adobe Upcoming Updates:
- Window updates for Adobe Reader versions 9.X, 8.X, and 7.X
- Window updates for Acrobat versions 9.X, 8.X, and 7.X
- Macintosh updates for Adobe Reader versions 9.X and 8.X
- Macintosh updates for Acrobat versions 9.X and 8.X
- Adobe Reader for Unix versions 9.X and 8.X.
In the meantime, continue to keep your JavaScript in Adobe PDF Reader disabled. To know how you could do that, read my earlier post: Disable JavaScript in Adobe PDF Reader!
If you still think Adobe Reader could be a “risk” to your machine, then do consider using an alternate program.
(Source: Adobe Blog)