Acrobat 9 Pro - Full

On May 5, 2009 Adobe Systems Inc announced the existence of two vulnerabilities in their Adobe Acrobat Reader. The vulnerabilities are found in two JavaScript functions: ‘getAnnots ()’ (CVE-2009-1492) and spell.customDictionaryOpen (CVE-2009-1493). The main concern for Mac users is the ‘getAnnots ()’ as it is a JavaScript API function used by Acrobat Reader and Acrobat. Once run, it grants access to remote hackers who in turn cause a denial of service through memory corruption or execute arbitrary code sequences concealed within a PDF annotation. Essentially an OpenAction is produced by opening the PDF, allowing entry using JavaScript code and producing a series of crafted integer arguments calls.

If a PDF is downloaded to your Mac or accessed by its browser your Acrobat Reader 9.x-8.x and/or Acrobat 9.x-8.x will crash – or worse, allow a hacker access to attack your operating system by taking control. The US-CERT (United States Computer Emergency Readiness Team) has recommended the following to those who have yet to be affected:

1. Practice common sense and don’t accept or open unsolicited or suspicious PDFs.
2. Use a different PDF handler such as Preview.
3. Disable Adobe Reader JavaScript Preferences. To disable JavaScript:

1. Launch Adobe Acrobat Reader.

2. Open the Edit menu.

3. Select the Preferences… option.

4. Choose the Internet section.

5. Uncheck the “Display PDF in browser” check box.

4. Change settings within Acrobat and your default browsers from automatically opening, downloading or displaying a PDF.

Adobe expects to release patches by May 12, 2009 via it updater and on its website. More information can be found on Adobe Product Security Incident Response Team blog or on the US-CERT site.

Looking for something?

Use the form below to search the site:

Still not finding what you're looking for? Drop a comment on a post or contact us so we can take care of it!

Mac Users Guide Forum

    It Seem There Is Something Wrong With BBLD Configuration, Please Check It.