On April 28, the U.S. Computer Emergency Readiness Team warned users of Adobe Reader that a critical vulnerability could allow remote hackers to execute malicious code. That vulnerability has its roots in how the product works with JavaScript and can lead to an exploit where remote attackers could wreak havoc on a user’s system. Several versions of Adobe’s Reader are subject to the JavaScript vulnerability and Adobe is working on security updates to fix the problem.
Users of the product need not wait for Adobe and risk attack; they can make a simple, temporary change to Adobe Reader’s settings, disabling external JavaScript support. Users can accomplish that by changing program preferences under the application’s Edit>Preferences tab; they can disable JavaScript by unchecking the "Enable Acrobat JavaScript" box.
Although Adobe reports that there are no known attacks occurring in the wild, that is sure to change now that the vulnerability has been exposed. To avoid the vulnerability, users can choose to install alternatives to Adobe’s Reader, such as FoxIT reader, Okular or Sumatra PDF.