Adobe Reader vulnerability: what you need to do to stay safe

Martin Brinkmann
Feb 14, 2013
Updated • Feb 14, 2013
Security
|
10

We had a lively discussion on Google Plus yesterday about the latest Adobe Reader vulnerability (feel free to add me to your circles there to stay in the loop). The vulnerability affects all recent versions of Adobe Reader and Acrobat including the latest release versions. At the time of writing, there is no update available that you can install to protect yourself, your data and your computer from the vulnerability.

The vulnerabilities, which are actively exploited right now on the Internet, can cause Adobe Reader or Acrobat to crash allowing the attacker to take control of systems the software is running on. Adobe is aware of email based attacks that try to trick users into loading attached pdf documents with malware payloads.

Adobe is currently working on a fix to patch the vulnerability in Adobe Reader and Acrobat, but it is not clear yet when the company will release the fix to the public.

The company posted mitigation information on the security advisory page:

Users of Adobe Reader XI and Acrobat XI for Windows can protect themselves from this exploit by enabling Protected View. To enable this setting, choose the "Files from potentially unsafe locations" option under the Edit > Preferences > Security (Enhanced) menu.

Enterprise administrators can protect Windows users across their organization by enabling Protected View in the registry and propagating that setting via GPO or any other method.

adobe reader protected mode screenshot

What's interesting in this regard is that built-in protection blocks attacks from being executed automatically. The real question right now is why it is not enabled by default and what it does.

Protected Mode adds sandboxing to Adobe Reader and Acrobat that prevents malicious PDF documents to launch executable files or write to system directories or the Windows Registry.

It appears that Protected Mode is enabled in some versions of the program but not in others. The blog post that introduced the feature to the Adobe Reader community in 2010 highlights that Protected Mode will be enabled by default, and it seems that it was for some versions and that Adobe later decided to turn it off by default again.

It is not clear when that happened. A test installation of the latest Adobe Reader version revealed that it is turned off in that version by default. Some users reported that upgrades may also reset some features including Protected Mode.

So, it is highly suggested you check the setting in Adobe Reader if you are running Windows to make sure it is enabled.

It goes without saying that you should also use common sense when you receive pdf documents attached to emails. I'd also suggest to disable the Adobe Reader plugin in the web browser you are using for now. Some browsers, like Chrome and Firefox, offer native PDF readers that you can make use of instead.

Last but not least, switching to a third party program may also take your system out of the firing line.

Advertisement

Previous Post: «
Next Post: «

Comments

  1. PREM said on December 17, 2013 at 7:55 pm
    Reply

    I HAVE THREE EPISODES WITH ADOBE FLASH DRIVE UPDATES
    EACH TIME I CLICKED ON TO DOWNLOAD, WITHIN MINUTES MY COMPUTER
    DEVELOPED PROBLEMS, JAMMED, …….
    VERY EXPENSIVE FOR A NOVICE
    IT WILL HELP EVERYONE IF ADOBE LOADS UPDATES AUTOMATICALLY THROUGH
    A VERY SECURE METHOD.

    THANKS

  2. Teiji said on February 15, 2013 at 11:00 am
    Reply

    I’ve switched to Nitro Reader and never looked back. It’s faster and has a super useful built-in virtual printer.

  3. Maou said on February 15, 2013 at 7:22 am
    Reply

    No problem, I´m using Pdf Lite.
    Besides flash player I don´t want more bloated software on my computer.

  4. Transcontinental said on February 14, 2013 at 6:14 pm
    Reply

    Nothing personal, but if you think about it, many if not all Adobe products are problematic, to put it mildly. No wonder why Steve Jobs was not a fan!

  5. Tim said on February 14, 2013 at 3:48 pm
    Reply

    Why aren’t my comments showing here?

    1. Tim said on February 14, 2013 at 3:53 pm
      Reply

      Maybe I missed it, but I can’t remember hearing anything to suggest that Adobe fixed the flaw that Group-IB discovered at the end of last year. If you look at the video Group-IB published, you can see that Protected Mode was on for ALL files, but yet they were still able to run an executable.

      The video is at the following link, where at 50 seconds you can see the Protected Mode settings (on for all files) and also at 1.30 & 3.15 you can see the yellow bar in the PDF document to say protected view was on.

      Oh, for some reason, I can’t post YouTube links here, so you’ll need to search for “Adobe Reader X/XI zero-day flaw found by Group-IB” on YouTube

      So, was the above flaw fixed in 11.0.1? If not, does that mean that the mitigation information Adobe have published on their security advisory page is not really effective anyway?

  6. Anonymous said on February 14, 2013 at 2:55 pm
    Reply

    I second Sumatra PDF. A long time ago, it was kind of janky, but these days the only reason I keep around Adobe is for the rare “enhanced” PDF with forms or something silly like that.

    You should probably disable javascript by unchecking File/Preferences/Javascript. It’s been nothing but trouble since Adobe introduced it to the format.

  7. Karl Gephart said on February 14, 2013 at 1:02 pm
    Reply

    Thanks for the info! Good to see version X has the Protected View option as well.

  8. ilev said on February 14, 2013 at 12:59 pm
    Reply

    I use Portable Sumatra PDF.

  9. Rick said on February 14, 2013 at 12:51 pm
    Reply

    Yet another reason not to use the bloated Adobe Reader.

Leave a Reply

Check the box to consent to your data being stored in line with the guidelines set out in our privacy policy

We love comments and welcome thoughtful and civilized discussion. Rudeness and personal attacks will not be tolerated. Please stay on-topic.
Please note that your comment may not appear immediately after you post it.