We had a lively discussion on Google Plus yesterday about the latest Adobe Reader vulnerability (feel free to add me to your circles there to stay in the loop). The vulnerability affects all recent versions of Adobe Reader and Acrobat including the latest release versions. At the time of writing, there is no update available that you can install to protect yourself, your data and your computer from the vulnerability.
The vulnerabilities, which are actively exploited right now on the Internet, can cause Adobe Reader or Acrobat to crash allowing the attacker to take control of systems the software is running on. Adobe is aware of email based attacks that try to trick users into loading attached pdf documents with malware payloads.
Adobe is currently working on a fix to patch the vulnerability in Adobe Reader and Acrobat, but it is not clear yet when the company will release the fix to the public.
The company posted mitigation information on the security advisory page:
Users of Adobe Reader XI and Acrobat XI for Windows can protect themselves from this exploit by enabling Protected View. To enable this setting, choose the "Files from potentially unsafe locations" option under the Edit > Preferences > Security (Enhanced) menu.
Enterprise administrators can protect Windows users across their organization by enabling Protected View in the registry and propagating that setting via GPO or any other method.
What's interesting in this regard is that built-in protection blocks attacks from being executed automatically. The real question right now is why it is not enabled by default and what it does.
Protected Mode adds sandboxing to Adobe Reader and Acrobat that prevents malicious PDF documents to launch executable files or write to system directories or the Windows Registry.
It appears that Protected Mode is enabled in some versions of the program but not in others. The blog post that introduced the feature to the Adobe Reader community in 2010 highlights that Protected Mode will be enabled by default, and it seems that it was for some versions and that Adobe later decided to turn it off by default again.
It is not clear when that happened. A test installation of the latest Adobe Reader version revealed that it is turned off in that version by default. Some users reported that upgrades may also reset some features including Protected Mode.
So, it is highly suggested you check the setting in Adobe Reader if you are running Windows to make sure it is enabled.
It goes without saying that you should also use common sense when you receive pdf documents attached to emails. I'd also suggest to disable the Adobe Reader plugin in the web browser you are using for now. Some browsers, like Chrome and Firefox, offer native PDF readers that you can make use of instead.
Last but not least, switching to a third party program may also take your system out of the firing line.Advertisement
Ghacks is a technology news blog that was founded in 2005 by Martin Brinkmann. It has since then become one of the most popular tech news sites on the Internet with five authors and regular contributions from freelance writers.