for those who need to open many pdf files on a daily basis (paper review, academic purposes, administrative matters, etc) and cannot wait for two weeks for the adobe patch, there are two simple workarounds:
+ turn off the javascript (or whatever adobe call it) capability enabled by default in adobe software
+ or use a javascript-incapable, open source software such as xpdf
welcome to the new world of von neumann architecture, where data and code are treated the same in binary format over the network 😉
On Mon, 23 Feb 2009, Robert Taylor wrote:
> Hello Everyone,
>
> Please note the following important security warning:
>
> Adobe has identified a critical security flaw in its Adobe Reader and
> Acrobat PDF software. The flaw could allow a remote attacker on the
> Internet to take control of an effected computer system.
>
> A security update from Adobe is not expected to be available before March
> 11th.
>
> In the meantime, users are recommended to not open PDF files that are
> received from untrusted sources. These particularly include those that
> have been hosted on web sites or delivered by email as attachments from
> untrusted sources.
>
> For more information, please see:
>
> http://www.adobe.com/support/security/advisories/apsa09-01.html
>
> Robert.
>
>