New vulnerability in Adobe PDF files being exploited

The machines we love to hate

Moderator: Wiz Feinberg

User avatar
Wiz Feinberg
Posts: 6115
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA
State/Province: Michigan
Country: United States

New vulnerability in Adobe PDF files being exploited

Post by Wiz Feinberg »

ALERT!

Malicious hackers/cyber criminals have discovered an unpatched vulnerability in Adobe Reader and Acrobat and are actively exploiting it to automatically download malware to (not locked down) computers. Adobe plans to release a patch on, or before March 11, 2009. Until then, if you use Adobe Reader (or Acrobat), here are some workarounds that will protect you until the patch is released.
  • Review Adobe Security Bulletin APSA09-01.
  • Disable JavaScript in Adobe Reader and Acrobat. Acrobat JavaScript can be disabled in the General preferences dialog (Edit, Preferences, JavaScript, and un-check "Enable Acrobat JavaScript").
  • Prevent Internet Explorer from automatically opening PDF documents.
  • Disable the displaying of PDF documents in the web browser. This can be disabled in the the General preferences dialog (Edit, Preferences, Internet, and un-check "Display PDF in browser").
  • Use caution when opening untrusted PDF files.
  • Install antivirus software, and keep virus signatures up to date.
Adobe Acrobat and Reader are capable of checking for updates automatically, so make sure you have selected that option. Also, visit the Secunia Online Software Inspector every week or two. Running it requires Java. It will let you know if you have any missing Windows Updates, as well as if you are using out-dated, vulnerable third party programs, add-ons, or plug-ins.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
Top
User avatar
Jeff Hyman
Posts: 1257
Joined: 4 Aug 1998 11:00 pm
Location: West Virginia, USA
State/Province: West Virginia
Country: United States

Post by Jeff Hyman »

Thanks for the heads up.
Top
User avatar
John P. Phillips
Posts: 2532
Joined: 20 Oct 2000 12:01 am
Location: Folkston, Ga. U.S.A., R.I.P.
State/Province: -
Country: United States

Post by John P. Phillips »

DITTO HERE !
Just remember,
You don�t stop playing cause you get older,
You get older cause you stop playing ! http://www.myspace.com/johnpphillips
Top
User avatar
Ken Lang
Posts: 4708
Joined: 8 Jul 1999 12:01 am
Location: Simi Valley, Ca
State/Province: California
Country: United States

Post by Ken Lang »

Why can't we find whose doing that and kill them?
heavily medicated for your safety
Top
User avatar
Wiz Feinberg
Posts: 6115
Joined: 8 Jan 1999 1:01 am
Location: Mid-Michigan, USA
State/Province: Michigan
Country: United States

Adobe has released patched updates to Reader and Acrobat

Post by Wiz Feinberg »

Adobe has released patched updates to its Reader and Acrobat programs. The updates were released on March 11, 2009 and bring both applications up to a nre current version of 9.1.x. Users of version Adobe 9.0 Reader and Acrobat will be upgraded to 9.1.x. Users of older versions may have to wait until March 18 for a patched release for their version. Assume you are still at risk until you upgrade to the latest version.

In the meantime, you can reduce your risk from infected pdf files by disabling JavaScript and web page browser rendering of pdf documents, in your Adobe Reader. Also, disable these items in Acrobat, if you have it installed. Then upgrade to the patched versions as soon as is practical.

You can download the latest version of Reader and Acrobat from this Adobe page.
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
Top

Return to “Computers”