Sophos, an IT security and data protection firm, has reportedly counseled software provider Adobe to start disabling JavaScript in its products by default. The advice is a direct reaction to the most recent security vulnerability detected in Adobe Acrobat and Reader, which involves JavaScript code. The vulnerability has apparently been patched with the release of a security update for Adobe Acrobat and Reader.
The vulnerability, reportedly identified as CVE-2010-1297, is said to involve a booby-trapped PDF file containing a Flash animation that relied on JavaScript for the exploit to work. The exploit is stated to be more complex than earlier Adobe exploits, potentially signaling a new pattern in the evolution of Adobe exploits.
Sharing his views on Adobe exploits, Vanja Svajcer, Principal Virus Researcher at Sophos, has reportedly said, “The common thread in most, if not all, Adobe exploits is the requirement for JavaScript, as exploits will work correctly only if JavaScript is enabled. This is why we recommend all users disable JavaScript in Adobe Acrobat and Reader.”
Further emphasizing the need to disable JavaScript in Adobe products, Svajcer has reportedly stated, “The company’s regular security updates show that Adobe is now doing more to address vulnerabilities, but the high number of patched vulnerabilities indicate that it may be a good time for Adobe to overhaul its approach to building security into its products. If nothing else, JavaScript should be disabled by default in Adobe Reader.”
Accordingly, Sophos has recommended that all users disable JavaScript in Adobe Acrobat and Reader by default. Additional details on how to disable JavaScript in these products can be found on the SophosLabs Blog: http://www.sophos.com/blogs/sophoslabs/v/post/3267