Adobe Zero Day…. Its like the duracell bunny

Earlier on this month we had yet another Adobe Reader Zero Day, its really becoming a common theme this year and who knows when its going to end.

Adobe are once again telling users to disable javascript to protect yourself from attack, now this just seems to be the ongoing standard response. Many customers I work with do not need or use the javascript functionality anyway so I recommend its disabled permanently. So some turn it off, and then turn it back on again when a patch is released, because for some reason they think its safe and another zero day isn’t just around the corner.

So my question has to be, who does actually need the javascript functionility? I have met very few individuals and organisations, so why not have this disabled as a standard and put the reliance on the user to enable with a caveat (it might mess you up).

I think Adobe make some good products, but they just seem to be having some issues with secure coding or something. Perhaps the tools are not being used the way they were intended I dont know, so why not do something about it.

I am by no means a PDF expert so I am not really the best person to comment, but I know a man who is. Didier Stevens is the master, just check out his blog.
Didier will be speaking to us on the first episode of the eurotrash security podcast.

Be Sociable, Share!

Leave a Reply

Your email address will not be published. Required fields are marked *