Yet another zero day exploit has appeared, taking advantage of a flaw in the way Acrobat and Acrobat Reader parses JavaScript.  Adobe found out about the problem Monday so it is likely that exploits are already running around the net.  Even better, most antivirus programs cannot spot the problem yet.  For now the advice Slashdot offers is your best defence, disable JavaScript in Acrobat.

“Monday afternoon, Adobe ‘received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild,’ the company said in a post to the company’s Product Security Incident Response Team blog. According to malware tracking group Shadowserver, the vulnerability is due to a bug in the way Reader processes JavaScript code. Several ‘tests have confirmed this is a 0-day vulnerability affecting several versions of Adobe Acrobat [Reader] to include the most recent versions of 8.x and 9.x. We have not tested on 7.x, but it may also be vulnerable,’ Shadowserver said in a post on its Web site. The group recommends that concerned users disable JavaScript within Adobe’s software as a work-around for this problem. (This can be done by un-checking the ‘Enable Acrobat JavaScript’ in the Edit -> Preferences -> JavaScript window). ‘This is legit and is very bad,’ Shadowserver added.”

Here is some more Tech News from around the web:

Tech Talk