Unknown to many, PDF documents are becoming a popular vector for security exploitation. Just like MS Word documents were popular once upon a time for similar reasons with unprotected macros, PDF documents are gradually becoming more of a concern.
So what is the main cause of this issue?
JavaScript inside PDF documents is the culprit. Now, you might be wondering why a PDF document would need JavaScript, especially when they are read-only. Surprisingly, not all PDFs are read-only and allow you to enter data and interact with the document which can be made possible through the use of JavaScript. Most people won’t come across many of these types of documents, if at all but that’s not to say that others won’t.
Sadly, PDF readers at the moment don’t do much to protect you and most of them enable support for JavaScript by default. The good news is that you can quite easily turn it off and reactive JavaScript if and when you actually need it.
I use Foxit Reader (as I find the Adobe Acrobat Reader way too big for what it does) and disabling JavaScript is a snap. Just go up to “Tools” then “Preferences”, click on “JavaScript” and untick the box in the window. If you are using Adobe Acrobat Reader you can disable JavaScript by going to “Edit” then “Preference”, choose “JavaScript” and the untick “Enable Acrobat JavaScript”.
So get on the front foot and take ten seconds to easily protect yourself from nasty PDFs – you won’t regret it!
1 ping
[…] This post was mentioned on Twitter by Boyd Chan. Boyd Chan said: Boydo's Tech Talk Update: PDF Readers – Turn Off JavaScript (http://bit.ly/a1J9bS) #in #boydo #Acrobat #Adobe #Foxit #JavaScript #PDF […]