According to CNet, an error has been discovered the Adobe Acrobat Reader plugin for web browsers (if you don’t know, this is the application that opens when you view a PDF file through a web site). This vulnerability allows a bad guy to create a link that looked as if it came from a trusted source (like your bank, for example) but would contain some nasty JavaScript code that would run as soon as you clicked the link.
This is of particular concern because the Acrobat Reader program “lives” on the user’s computer, not on the visited web site.
In the past, for one to generate an attack like this, there would first have to be a flaw in a web site. Then, the bad guy would have to find that flaw and try to direct unsuspecting users to that flawed web site. But now, the process is greatly simplified because the flaw is in a program that resides on millions of individual computers.
So, here are some ways to protect yourself:
- Upgrade to the latest version of Adobe Acrobat Reader
- Force any PDF file to open in Acrobat Reader on your actual computer, not through the browser plugin
- Remove any automatic browser actions associated with PDF files
OR
Switch to Brava! PDF reader. This is the one that I use for several reasons and now I have one more reason ;).
