Alert Number: 042909-01
Alert Date: 4/29/09
Alert Title: *UNPATCHED* vulnerabilities affect Adobe Reader
Update-to: None.
OS/Platform/Application:
Adobe Reader (all versions) on Linux
Adobe Reader (all versions) on Windows**
Adobe Reader (all versions) on Macintosh**
Category: ALERT
Severity: HIGH
Attention: Adobe Reader users, System Administrators, Desktop Support Personnel.
Summary: Numerous Internet security resources are reporting two new vulnerabilities in Adobe Systems' popular Reader application. The vulnerabilities pertain to JavaScript and could be exploited through the handling of maliciously crafted PDF documents. Adobe Systems has acknowledged the issue and is working on a fix for the problem.
**This issue was first reported to affect installations of Adobe Reader on Linux systems only. Various resources are now predicting that the vulnerability will likely soon spill over to affect Windows and Macintosh systems as well. Adobe's acknowledgment of the issue includes a promise to "provide updates for all affected versions for all platforms (Windows, Macintosh and Unix) to resolve this issue", which appears to indicate strong concern over the cross-platform capabilities of this vulnerability.
Recommended Actions: Adobe Reader users should avoid handling PDF files until a patch has been released for this issue. The Adobe weblog entry on this issue (link provided below) includes a workaround that should reduce the risk of infection; administrators should consider implementing this workaround to accommodate users who must handle PDF materials as part of their daily activities.
Readers are encouraged to share this alert with family, friends, and associates.
ITS Actions: N/A
Resources:
Adobe PSIRT Blog entry:
http://blogs.adobe.com/psirt/2009/04/update_on_adobe_reader_issue.html
SANS article:
http://isc.sans.org/diary.html?storyid=6286