Re: Adobe Security Vulnerability and G.G applications Bob Beattie 25 Feb 2009 17:02 EST
This is a serious problem, and one that will occur when an agency is dependent on a commercial system. You must wait on them for a patch if problems develop. If you turn off Java Script, you cannot do Adobe Forms. Our IT people say to keep the Java Script and use caution when using web sites. Or turn off the Java Script and only use it when doing G.g work. See this Computerworld article: "Hackers exploit unpatched Adobe Reader bug" http://www.computerworld.com/action/article.do? command=viewArticleBasic&articleId=9128278&intsrc=hm_list and this Adobe security bulletin: "Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat" http://www.adobe.com/support/security/advisories/apsa09-01.html Bob ------------------------------ Robert Beattie University of Michigan xxxxxx@umich.edu (734) 936-1283 On Feb 25, 2009, at 4:42 PM, Lipkin, Stuart wrote: Hi All, Maybe someone out there already knows the answer to this question - so I thought I would post it here. I didn't see any information on the Grants.gov website - but I might have missed it. Adobe has recently issues a security warning (http://www.adobe.com/ support/security/advisories/apsa09-01.html) for their product and announced that they are planning a patch for it in mid-March. One of the suggested workarounds is to disable javascript in the product. While Adobe says this will not mitigate the problem completely, but is suggested as a temporary workaround. I've received some questions about this from our users. If people decided to turn off JavaScript would this adversely impact their ability to successfully complete G.G Adobe packages? Thanks Stu This e-mail message (including any attachments) is for the sole use of the intended recipient(s) and may contain confidential and privileged information. If the reader of this message is not the intended recipient, you are hereby notified that any dissemination, distribution or copying of this message (including any attachments) is strictly prohibited. If you have received this message in error, please contact the sender by reply e-mail message and destroy all copies of the original message (including attachments). ====================================================================== Instructions on how to use the RESADM-L Mailing List, including subscription information and a web-searchable archive, are available via our web site at http://www.hrinet.org (click on "Listserv Lists") ====================================================================== ====================================================================== Instructions on how to use the RESADM-L Mailing List, including subscription information and a web-searchable archive, are available via our web site at http://www.hrinet.org (click on "Listserv Lists") ======================================================================