Security Bulletin of April 30, 2009

Overview
Required Action
Tips for Safer Computing
Further Assistance

Other Bulletins
Recent CERT Alerts

COMPUTING ALERT: Critical Vulnerability in Adobe Acrobat Products

OVERVIEW

Adobe has confirmed a critical security hole in Acrobat Reader and Acrobat Pro. They are currently working on updates to these products. In the interim, they recommend all Acrobat users disable JavaScript in Acrobat programs, including Acrobat Reader and Acrobat Professional.

Use caution and only open PDFs or other documents from sources you trust.

In addition, Adobe recommends all Acrobat users (Macintosh, Windows, Unix) take the steps below.

REQUIRED ACTIONS

Disable JavaScript in Adobe Reader to help mitigate the risk:

1. Launch Acrobat or Adobe Reader.
2. On Windows: From the Edit menu, select Preferences
   On Macintoshes: From the Acrobat menu, select Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK.

ADDITIONAL INFORMATION:

You can find more information about the Adobe vulnerabilities at the following web sites:

• Adobe Product Security Incident Response Team (PSIRT)
• US-CERT (United States Computer Emergency Response Team)

HELP:

If you have any questions, please contact the Computing Help Desk:
Telephone: 610-896-1480
Email: helpdesk@haverford.edu

ACC EMAIL POLICY:

ACC will never request passwords or other confidential information via email. Email is not secure. We will never email an executable file. Instead, if we ask you to take action, we will always refer you to our web site, using an address that starts with the secure "https" protocol -- that way, you know you are downloading a safe file from us.

VERIFY THIS ALERT IS LEGITIMATE:

Before taking an action recommended in an email, please confirm that the email is legitimate. ACC posts a detailed description of all our alerts on our web site, https://www.haverford.edu/acc/bulletins/.