Adobe - Security Update available for Adobe Reader and Acrobat 8

IT セキュリティ

Acrobat Reader7.0.9とそれ以前にも同様に脆弱性は存在するが、Adobeは2008年05月までパッチをリリースしないそうです。

これは、怖すぎる・・・なんで5月末?!?! Marchの間違え?!

Acrobat and Adobe Reader 7.0.9 and earlier versions are also affected by these vulnerabilities.

Adobe is planning to release an update to Adobe Reader and Acrobat 7 by the end of May 2008 to resolve these security issues in those versions of the products. Adobe will provide further information regarding undisclosed vulnerabilities via the company's Security Bulletins and Advisories page (http://www.adobe.com/support/security/) once updates are available for all affected versions of Acrobat and Adobe Reader.

回避策が出ています。JavascriptをOFFにしましょう。

Adobe Reader and Acrobat 7

Acrobat 7 users and Adobe Reader 7 users who cannot update to version 8.1.2 can disable JavaScript to avoid these issues (with the exception of CVE-2007-5666) by following these steps:

1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript' option
5. Click OK

screenshot