Table of Contents

Secure Adobe Reader

This is not a silver bullet for Adobe Reader security, but it will prevent the current most popular ways of being exploited. Basically, it will just disable Javascript and Flash within Reader. Personally, I think it's ridiculous that Adobe even added this functionality to PDF's.

NOTE: Do not do this if the PDF's you need to utilize require this functionality.

Disabling Javascript can be done in a couple of different ways: either the settings within reader or through the registry.

  1. Go to Edit, Preferences… Then in the left-pane, navigate to JavaScript. The right-side of the window will update to JavaScript preferences. You should uncheck “Enable Acrobat JavaScript.”
  2. reg add "HKCU\Software\Adobe\Acrobat Reader\#.#\JSPrefs" /v bEnableJS /t REG_DWORD /d 0 /f

Where #.# is the version of Reader you are using.

Disabling Flash requires the deleting/renaming of a couple of files.

On Microsoft Windows, delete or rename these files:

"%ProgramFiles%\Adobe\Reader <version_#>\Reader\authplay.dll"
"%ProgramFiles%\Adobe\Reader <version_#>\Reader\rt3d.dll"

For Apple Mac OS X, delete or rename these files:

"/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/AuthPlayLib.bundle"
"/Applications/Adobe Reader 9/Adobe Reader.app/Contents/Frameworks/Adobe3D.framework"

For GNU/Linux delete or rename these files (locations may vary among distributions):

"/opt/Adobe/Reader9/Reader/intellinux/lib/libauthplay.so"
"/opt/Adobe/Reader9/Reader/intellinux/lib/librt3d.so"

– Main.FredPettis - 2010-12-13