Saturday, January 30, 2010

Take a second and disable Javascript from Acrobat Reader

Secbrowsing does not yet track the versions of the Adobe Reader plugin, because Reader does not expose its version to websites. We plan to find a way to track the version soon. In the meantime, please:
  • Update Acrobat Reader
  • Disable Acrobat Javascript
Update Acrobat Reader
  1. Launch Adobe Reader
  2. Select Help > Check for Updates
  3. Exit Adobe Reader
  4. Repeat
You might have to repeat this process a few times if you have missed a lot of updates. Keep asking Reader to check for updates, even after it has installed some. If you have 9.1.1 and the latest version is 9.1.3 you need to run the update process twice.

Disable Acrobat Javascript

Also, please disable JavaScript for Reader. Many of the security releases of Reader fix vulnerabilities that involve its JavaScript engine.
  1. Launch Acrobat or Adobe Reader.
  2. Select Edit > Preferences
  3. Select the JavaScript Category
  4. Uncheck the 'Enable Acrobat JavaScript' option
  5. Click OK
More about disabling Javascript, from Adobe. HowtoGeek also has a screenshot.