Results 1 to 5 of 5
  1. #1
    4 Star Lounger
    Join Date
    Jan 2001
    Location
    Tacoma, Washington, USA
    Posts
    431
    Thanks
    0
    Thanked 3 Times in 3 Posts

    Thumbs down

    I just read this on our local news station's website about a new security flaw in Adobe Acrobat and Adobe Reader version 9 and earlier. According to the article Adobe doesn't intend to patch this until March 11th!!! Anyone know how serious this is? It's gonna be a pain in the bottom if I have to log into each user's workstation to make the changes it recommends only to do it all over again to switch those settings back. Before I do anything I'd sure love some feedback on how serious this is and if it's worth the bother to make these setting changes.

    http://www.king5.com/topstories/stories/NW...M.49641c1d.html

    Thanks,
    Daisy

  2. #2
    Plutonium Lounger
    Join Date
    Mar 2002
    Posts
    84,353
    Thanks
    0
    Thanked 29 Times in 29 Posts
    As with all these threats, you should take them seriously, but there's no cause for panic.
    Even if Adobe doesn't patch the hole immediately, the probability of infection on an adequately protected PC (with up-to-date firewall, anti-virus, anti-spyware) is very small.
    The usual recommendations apply: avoid dubious websites, never open e-mail attachments if you're not sure about their origin.

  3. #3
    Super Moderator jscher2000's Avatar
    Join Date
    Feb 2001
    Location
    Silicon Valley, USA
    Posts
    23,112
    Thanks
    5
    Thanked 93 Times in 89 Posts
    [quote name='ailios' post='761600' date='25-Feb-09 14:08']Anyone know how serious this is? It's gonna be a pain in the bottom if I have to log into each user's workstation to make the changes it recommends only to do it all over again to switch those settings back. Before I do anything I'd sure love some feedback on how serious this is and if it's worth the bother to make these setting changes.[/quote]
    Initially, it probably will be a little difficult for bad guys to get evil PDFs to your users. Unlike Flash movies which are pervasive on the web, PDFs are relatively rare and almost never open automatically. The problem is that eventually a compromised computer may be used to email attack PDFs "from" people who your recipients ordinarily trust.

    As Hans notes, the evil PDFs currently act in a predictable manner: they download specific trojans or other software which can be blocked and/or removed by security software, and possibly filtered by your firewall or internet gateway if you subscribe to the additional software needed to do that. If users promptly update next month when the patch is released, interest in this exploit probably will wane. On the other hand, a lot of people simply dismiss Adobe Reader prompts to update. In my experience, that dialog often lists obscure language packs or uninteresting additional products. If users defer the patch, the exploit may remain interesting for a long time, and that will lead to its use for other and perhaps even new, undetectable payloads.

    The fixes Adobe recommends include disabling JavaScript. I suggest this as a general precaution. I can't recall the last time I used a PDF that really required JavaScript. However, some forms may require it, so people should keep an eye out for that issue.

    Another precaution (not really a solution, but just slowing down the process of opening the PDF) involves the manner in which PDFs are launched from the web. I have my personal preferences on this, but I think ultimately this is something that the users will have to decide for themselves.

    ---

    Document format-based exploits are becoming increasingly popular as mail programs and filters reduce users' exposure to executables. PDF, DOC, and others have been vulnerable to this problem in the past and I'm sure new problems will be discovered in the future. I think it is wise to help users recognize potentially dangerous situations, rather than suggesting that any checkbox or filter can safeguard them, or that they should be afraid of everything.

  4. #4
    4 Star Lounger
    Join Date
    Jan 2001
    Location
    Tacoma, Washington, USA
    Posts
    431
    Thanks
    0
    Thanked 3 Times in 3 Posts
    There was a blurb on this in today's Windows Secrets enewsletter which included a link to a website where someone had created a script to change the javascript setting. I downloaded it and plan to adjust it to our network's versions of Acrobat then add it to their login script. Later after the patch I can switch the setting to re-enable it. Very nifty and time saving.

    http://www.phishlabs.com/blog/archives/122
    Daisy

  5. #5
    Lounge VIP bobprimak's Avatar
    Join Date
    Feb 2009
    Location
    Hinsdale, IL, USA
    Posts
    2,483
    Thanks
    176
    Thanked 152 Times in 129 Posts
    One option is to use Foxit Reader, which may not be as vulnerable as the Adobe PDF Reader. It's faster to launch, works just as well, and integrates nicely with Firefox 3.
    -- Bob Primak --

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •