Do you use Adobe Reader?

Exploited PDFs have been a prevalent attack vector for a while now, but only on Windows and never on Mac.

I have discussed this here: the prevalence, util.printf(), Virut-generated PDFs, and now the zero day. This zero-day vulnerability exists in Adobe Reader 9.0 and earlier and Acrobat 9.0 and earlier versions. Unfortunately, this flaw remains unpatched at the moment; as announced in the advisory, “Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009.”

Here are a few recommendations to avoid this attack:

Mac Users:

1) Go to the Applications folder, look for Adobe Reader, and launch it.

2) Once open, click “Adobe Reader” and then “Preferences”, or use the shortcut by pressing Command and comma (,).

3) In Categories, click “Internet”, look under the Web Browser options, and uncheck “Display PDF in browser…”

4) Again in Categories, click “JavaScript”, look under the JavaScript options, and uncheck “Enable Acrobat JavaScript”.

5) Do not open or access PDF documents from an untrusted source, especially if you are not expecting them.

6) Make sure your security scanner is using the latest signature update, and ensure that features like real-time scanning are turned on.

For Windows users:

1) Prevent your default browser from automatically opening PDF documents. To do this, open your Adobe Reader by clicking on Start > All Programs > Adobe Reader <x> (where ‘<x>’ is the version). Once open, click Edit > Preferences, and uncheck Display PDF in Browser.

2) Disable JavaScript in Adobe Reader and Acrobat. Click Edit > Preferences and uncheck Enable Acrobat JavaScript.

3) Do not open or access PDF documents from an untrusted source, especially if you are not expecting them.

4) Make sure your security scanner is using the latest signature update, and ensure that features like real-time scanning are turned on.

Take note that this vulnerability does not require JavaScript to exploit. However, the PDFs that attackers craft to get into users’ machines require script to successfully execute their payload (based on the exploited PDFs I’ve seen), so it is best to disable it!
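The observation above, that the exploited PDFs seen so far rely on embedded script, can be turned into a quick check before a file is opened. The following Python is an added example, not part of the original post: it counts the PDF name keys that carry script (`/JavaScript`, `/JS`) or run an action automatically (`/OpenAction`, `/AA`), decoding `#xx` name escapes first. The function names, result labels and sample bytes are assumptions constructed for illustration.

```python
import re
import sys

SCRIPT_KEYS = ("/JavaScript", "/JS")   # names that introduce embedded script
AUTO_KEYS = ("/OpenAction", "/AA")     # names that trigger actions without a click

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A PDF name runs from "/" up to whitespace or a delimiter character.
_NAME = re.compile(rb"/[^\x00\t\n\f\r ()<>\[\]{}/%]+")

# Constructed sample inputs (not taken from any real file).
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_SCRIPTED = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS (var x = 1;) >>\nendobj\n"
)

def decode_name(raw: bytes) -> str:
    """Undo #xx escapes in a name, so /J#61vaScript reads as /JavaScript."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def count_keys(data: bytes) -> dict:
    """Count script and auto-action names found in the raw bytes of a PDF."""
    counts = {key: 0 for key in SCRIPT_KEYS + AUTO_KEYS}
    for match in _NAME.finditer(data):
        name = decode_name(match.group(0))
        if name in counts:
            counts[name] += 1
    return counts

def triage(data: bytes) -> str:
    """Return 'not-pdf', 'clean', 'script' or 'script-on-open'."""
    if b"%PDF-" not in data[:1024]:
        return "not-pdf"
    counts = count_keys(data)
    has_script = any(counts[k] for k in SCRIPT_KEYS)
    has_auto = any(counts[k] for k in AUTO_KEYS)
    if has_script and has_auto:
        return "script-on-open"
    return "script" if has_script else "clean"

if __name__ == "__main__":
    # Scan the files given on the command line; the file is read, never opened in a viewer.
    for path in sys.argv[1:]:
        with open(path, "rb") as handle:
            print(path, triage(handle.read()))
```

A "clean" result only means no script names were found in the uncompressed parts of the file; names inside compressed object streams are not seen. As noted above, the vulnerability itself does not need JavaScript, so this complements the steps listed rather than replacing them.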

Please feel free to drop by and comment if this has been helpful to you! Also, if you have found suspicious websites or files, don’t hesitate to send them to meths101 (at) optusnet (dot) com (dot) au. This will definitely help other users!

  1. March 1, 2009 at 9:18 am

    Just passing by. Btw, your website has great content!

