Please, uninstall Adobe Reader

[muckshifter]

No, really, it gets "hacked" every month ...

Two new vulnerabilities have been found in Adobe Reader and are under investigation by Adobe. The vulnerabilities exist in two JavaScript functions; getAnnots() and spell.customDictionaryOpen() and both allow remote code execution.

This means they both could be used in targeted attacks and drive-by downloads.

There are PoCs (Proof of Concept) available for both vulnerabilities but so far no in-the-wild attacks. It won't be long.

I've said it before but it's worth repeating ... use an alternative to Adobe Acrobat Reader. I won't recommend any reader over another as it would be better if people use a wide variety of them. A list of readers can be found here, pdfreaders.org. Others are Foxit (be aware of what you install ) , CutePDF, etc.

If you can't change from Adobe Reader I strongly recommend that you disable its ability to run JavaScript.

This is easily done via:

Edit / Preferences / JavaScript / Un-check "Enable Adobe JavaScript"

 

[Ian]

Good advice that

I've been infected via Adobe Reader before (PDF file in an iFrame), so I not use Foxit. Hopefully that will be less vulnerable, but Adobe Reader does seem to get some big holes in it from time to time.

 

[nivrip]

Got rid of Adobe a long time back (Mucks' advice).


Foxit is very good and a much smaller package.

 

[floppybootstomp]

Got rid of Adobe a long time back (Mucks' advice).


Foxit is very good and a much smaller package.

Ditto

 

[V_R]

I've used foxit for as long as i can remember, so much smaller & faster than Adobe too.

 

[itsme]

Foxit Rules out Adobe >>>>.

 

[Madxgraphics]

Adobe Reader has been uninstalled....And as a few of you have mentioned Foxit. I have gone ahead and installed it...

 

[Taffycat]

Ditto and double ditto I've been using Foxit for ages, after ditching Adobe, again thanks to Mucks

 

[guest_9323wk]

Yep I have now removed Adobe Reader, and moved to Foxit seems a lot better and does not take up as much space.

 

[V_R]

Just a shame i have to use Acrobat at work for editing pdf's....

 

[Madxgraphics]

Just a shame i have to use Acrobat at work for editing pdf's....

Why not use an alternative to Acrobat...?

 

[V_R]

because the IT dept wont let me, its the licence i guess

 

[Abarbarian]

because the IT dept wont let me, its the licence i guess

You could point your boss's towards this google page that shows Adobe security threats, thats only the first 10 of 804,00 links.

http://www.google.co.uk/search?q=ad...s=org.mozilla:en-GB:official&client=firefox-a

Or to this page,

http://voices.washingtonpost.com/securityfix/2009/02/adobe_urges_stopgap_changes_to.html

Brad Arkin, Adobe's director for product security and privacy, said the company was alerted on Jan. 16 about the presence of malware exploiting the flaw, though he declined to say which organization alerted them to that fact.

When asked why the company had not offered instructions on how to mitigate the threat by disabling Javascript in its products, Arkin said Adobe wanted to make sure the fix they presented was complete.


The company said it planned to ship an update to fix the flaw on March 11, and that it expects to make updates available for Adobe Reader 7 and 8, and Acrobat 7 and 8, by March 18th.

New version of Adobe Flash Player - 10.0


.22.87 - now available at the Adobe web site. Does not address the Adobe Reader flaw described above, but still worth noting.


Posted by: SSMD1 | February 25, 2009 1:14 PM |


Adobe announced publically that they have a vulnerability on Feb 19th 2009. (CVE-2009-0658)

Its known throughout the world and published by Adobe publically, as well as via NIST in the National Vulnerability Database and via US CERT at the US Department of Homeland Security.

It affects Adobe Reader 9 and Acrobat 9 - and Adobe has plans for a software patch to be available by March 11th, 2009.

It also affect Adobe Reader 7 and 8, and Acrobat 7 and 8 - and Adobe has plans for a software patch to be available by March 18th.

Since there is a known vulnerability without the availability of a software patch, and it's a critical vulnerabilitiy Adobe reccommends " that users update their virus definitions and exercise caution when opening files from untrusted sources."

And then this morning the US Government asked for volunteers to author an OVAL (Open Vulnerability Assessment Language) check for this vulnerability since their understanding is that there are ACTIVE EXPLOITS, which is true. Our Security Research Team has volunteered to author this check and provide it to the government and broader information security community.

In addition, we strongly suggest a focused action plan at this juncture:
1. Notify end users of the potential for exploits, and to not open untrusted PDF documents
2. Perform a immediate discovery scan to refresh the inventory of systems that will need to be scanned for this vulnerability, and to ensure desktop anti-virus products are installed and up-to-date.
3. Plan for a multi-step mitigation plan
- in order to minimize the vulnerability window, upgrade Adobe Reader versions 7 and 8, and Adobe Acrobat 7 and 8 as soon as possible.
- plan for the pending Adobe 9 patch testing and upgrade
- plan for potential incident responses required if an exploit is detected before the planned upgrades are completed.

"User notification and education is key, along with incident response planning in case of active exploit detection," said Ken Halley, CISSP and chief executive officer of Gideon Technologies. "Advance planning, and vigilance in monitoring your nextwork, is required. Know you assets - Minimize the vulnerability window - Know your risk. If you wait until you detect an exploit on your network, then its too late."
www.gideontechnologies.com


Posted by: BBPalSparky | February 27, 2009 4:35 PM |

Like cars and cat food software needs to be regulated so that the companies are held liable for defective or damaging products, companies should have x hours to fix a hole or receive a fine. To put off fixing a security hole for 60 days should be criminal.


Posted by: kkrimmer | February 25, 2009 8:24 PM

 

[V_R]

Its not quite that easy when theres 1200 users in our building alone.

 

[Abarbarian]

http://www.computerworld.com/action/article.do?command=viewArticleBasic&articleId=9133095

Scrolling down to the comments in the article leads you here.

https://forums2.symantec.com/t5/Vul...oited-in-the-Wild-So-Now-Where-Do/ba-p/393337

"Last year when Adobe Acrobat was being exploited in the wild, some were calling for people to switch their PDF reader software as a defense against the exploits targeting Acrobat Reader. While application diversity can enhance an individual's ability to withstand broadcast attacks, it is important to consider that any alternative software still needs to be maintained, and consideration needs to be given as to how security systems handle this software. If a replacement application is not handled well by perimeter systems, has security been improved by the replacement?"

It seems that Foxit is being kept up to date so no great panic. The article is worth a read though just to give you a more balanced view of the real world.