Guest blog: Adobe, make my day. Disable JavaScript by default

July 5, 2010 by admin
Filed under Security News

Users around the world will be pleased to learn that Adobe has managed to release an accelerated security update for Adobe Reader and Acrobat (APSB10-15) before the planned release date (13th July). The latest version of Adobe Acrobat and Reader for Windows is now 9.3.3.

The security update includes fixes for 17 vulnerabilities, which means that the guys from Adobe PSIRT have been working very hard in the last month or so.

From the malware protection point of view the most important vulnerability patched with the latest update is CVE-2010-1297 which has been actively exploited since its discovery on June 5th.

Although the vulnerability affected Adobe Flash, the main vehicle for delivering malicious payloads were PDF files. A booby-trapped PDF file would contain a Flash animation which would trigger the vulnerability, JavaScript code which would be used to create memory layout to allow the exploit to successfully launch shellcode and ultimately, an encrypted executable payload which would deliver the final functionality. This exploit is more complex than the usual exploits we have become used to in the last few years and it may mark a new trend in the direction of writing exploits and shellcode.

The common thread in most, if not all, Adobe exploits is the requirement for JavaScript as exploits will work correctly only if JavaScript is enabled. This is why we recommend all users disable JavaScript in Adobe Acrobat and Reader.