Critical patches for Adobe Reader and Acrobat

Graham Cluley

It was a relatively quiet Patch Tuesday for Microsoft this month, with just one security update being issued for Windows users (and even then, it was only rated “critical” for users of Windows 2000).

But it was a different matter entirely for Adobe, who on the same day issued fixes for multiple vulnerabilities in its Adobe Reader and Adobe Acrobat software, one of which has been actively exploited by hackers (and detected by Sophos as Troj/PDFJs-FS since mid-December).

If you’re a user of Adobe Reader and Acrobat (and, let’s face it, most of you are) then please go and read the security bulletin, and download the updated versions right now.

Of course, it was possible to protect yourself against the Adobe zero-day attack even before a patch was available by disabling JavaScript in Adobe Reader.

All you had to do was adjust the appropriate option under the Edit / Preferences menu:

[Image: Disable JavaScript in Adobe Reader]

Unfortunately, judging by a recent interview given by Brad Arkin, Adobe’s security chief, it doesn’t look like you should hold your breath for JavaScript support to be removed from Adobe’s PDF reader.

Malicious PDFs are one of the favoured methods used by the bad guys to launch a spear-phishing or targeted attack against companies – so the best way to protect your business is to ensure that you have proper security in place, and are running a fully-patched version of Adobe’s products.
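
As an added example (not part of the original post), here is a small Python triage check that flags PDFs carrying JavaScript or auto-run actions, which is the content the Preferences setting described above stops Reader from executing. The function names and the sample bytes are constructed for illustration, and the check reads raw bytes only, so names inside compressed object streams are not seen.

```python
import re
import sys

# A PDF name token may hex-escape any character as #xx (for example
# /J#61vaScript), so a plain substring search misses escaped spellings.
# Names are decoded before they are compared.
_NAME = re.compile(rb"/((?:[^\x00\t\n\x0c\r ()<>\[\]{}/%#]|#[0-9A-Fa-f]{2})+)")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")

# Names that mark script content (/JS, /JavaScript) or automatic actions.
WATCHED = (b"JS", b"JavaScript", b"OpenAction", b"AA")

# Constructed sample: a PDF fragment with an open action and an escaped name.
SAMPLE = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS (0;) >> endobj\n"
)


def decode_name(raw: bytes) -> bytes:
    """Resolve #xx escapes in a PDF name token."""
    return _HEX.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def scan_pdf(data: bytes) -> dict:
    """Count watched names in raw PDF bytes and note escaped spellings."""
    counts = {name.decode(): 0 for name in WATCHED}
    escaped = 0
    for match in _NAME.finditer(data):
        raw = match.group(1)
        name = decode_name(raw)
        if name in WATCHED:  # whole-name match, so /JSON is not counted
            counts[name.decode()] += 1
            if raw != name:
                escaped += 1  # an escaped watched name is itself suspicious
    has_js = counts["JS"] > 0 or counts["JavaScript"] > 0
    return {"counts": counts, "escaped_names": escaped, "has_javascript": has_js}


if __name__ == "__main__":
    if len(sys.argv) < 2:
        print("sample", scan_pdf(SAMPLE))
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, scan_pdf(fh.read()))
```

A hit is a reason to look closer before opening the file in a reader with JavaScript enabled, not a verdict, since legitimate forms also use these names.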

Graham Cluley is an award-winning keynote speaker who has given presentations around the world about cybersecurity, hackers, and online privacy. A veteran of the computer security industry since the early 1990s, he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows, makes regular media appearances, and is the co-host of the popular "Smashing Security" podcast. Follow him on Twitter, Mastodon, Threads, Bluesky, or drop him an email.
