Adobe warned today that hackers appear to be exploiting a previously unknown security hole in its PDF Reader and Acrobat programs.
In an advisory published Wednesday, Adobe said a critical vulnerability exists in Acrobat and Reader versions 9.3.4 and earlier, and that there are reports that this critical vulnerability is being actively exploited in the wild. The company says it's in the process of evaluating the schedule for an update to plug the security hole.
Meanwhile, an evil PDF file going around that leverages the new exploit currently is detected by only about 25 percent of the anti-virus programs out there (the VirusTotal scan results from today are here, and yes, it's a safe PDF).
Better yet, consider using an alternative PDF reader that isn’t quite so heavily targeted as Adobe’s, such as Foxit, Sumatra, or Nitro PDF.
Any ideas on how this might affect Chrome’s built-in PDF reader?
On my computer (Windows 7 + Chrome + Adobe Reader installed), Chrome will open a PDF file in its browser, but downloads that file to Adobe Reader. Very confusing, and probably not safe.
Hi, seems like Adobe & Acrobat are constantly getting targeted, and as a Senior & Newbie it is a little difficult to stay one step ahead of the bad guys.
Installed on my PC are: Adobe Reader 9, Acrobat, Abbyy Fine Reader 6.0, Windows Media Player, Quicktime Player and a Desktop Icon for iTunes Setup. I don't think that they are ever used. (I use Secunia to try to keep safe & current.)
Not too sure where they came from, but would love to know if I can live without them or get safer alternates.
Is it safe to delete them, or are there other programmes that may be inter-dependent?
Any advice would be appreciated as there is very little local advice available.
P.S. Looks like Foxit would be a good replacement for Adobe.
Download Quicktime Alternate:
How about pestering Adobe for stripping out all of the scripting and multimedia garbage out of PDF (which tends to be responsible for the majority of security defects/vulnerabilities) and creating a Secure Document Format instead?
This would consist of the absolute minimum subset of Postscript needed to accurately represent a document, security/usage information and a digital signature block, and nothing else.
They could at least start with three things:
2. Automatically update by default. There’s no use in defaulting to waiting for the user to approve the update. Most don’t care, don’t notice, and never will.
3. Write your patches so that they're smaller and in a way that does not require a reboot. Everyone else seems to be able to do this, and downloading a 200meg update to go from 9.1 to 9.2 Pro is ridiculous when the software itself comes in a 300meg package.
Sane defaults and a good patch system go a long way towards security.
The problem with turning on auto updates by default is that Adobe's auto update requires the user to have administrative rights. While a user having administrative rights on their home computer is fine, it is a nightmare in the business environment. We are able to avoid most infections, both virus and malware, because our users do not have admin rights.
Business environments will do updates via GP or other mechanism and will change the defaults. I don’t see this as a problem. As an admin I am almost never using the defaults, which are set for the home market anyway.
I don’t agree that it’s “fine” for home users to run as admin 😉
Agreed, but if you try to explain to the average home user about running with administrator rights vs running with standard user rights they get the deer in the headlights look.
I always liked Aaron Margosis’ blog on non-admin stuff:
“why wouldn’t you just want to log on as an admin all the time? Well, if you were a surgeon, would you always want to hold an unsheathed scalpel in your hand? Or would you prefer to keep it in a safe place until you actually need it? Does that metaphor work? How about “running with sharp scissors”? Well, let’s skip the metaphors, then.
The #1 reason for running as non-admin is to limit your exposure. When you are an admin, every program you run has unlimited access to your computer. If malicious or other “undesirable” code finds its way to one of those programs, it also gains unlimited access.”
Why you shouldn’t run as admin
The easiest way to run as non-admin
Well, they don't need to. The Adobe updater can run as a service under SYSTEM credentials like WU does.
Brian, next time you talk to Adobe about their exploitware issues, can you ask them when Adobe is going to bite the bullet and remove all the features that get pwnd so regularly and then fix the reader that's left?
Sandboxing bad code really is shutting the barn door after the horse has bolted.
That’s never happened to me.
If it's most instead of all, is it possible your users re-enabled it manually?
Actually I noticed this myself recently. I think one of the .x updates resets settings. 9.1 to 9.2 perhaps. Or 9 to 9.1.
Funny to reference a pdf for the VirusTotal info on a post about exploiting a pdf reader. Even using Foxit Reader, I’ve grown to loathe the PDF format. Just give it to me in straight html or text! 🙂
Sorry I'm late to the party on this one, but this just sounds like the malware writers are worried about the upcoming Adobe sandbox. That, I believe, will really cut down on these sorts of problems. All that other stuff is just a band-aid. Potentially, when Adobe does sandbox PDFs, it will be more secure than Foxit.
Actually, Foxit has a sandboxy-like feature with its secure reader option which is defaulted for PDFs in the browser. Adobe is just dragging its heels and at this point copying Foxit. Although, my understanding is that this will be a true sandbox or at least use Vista/7’s built-in protected mode functionality.
There are reports that there is an exploit for the latest Adobe Reader zero day that bypasses ASLR+DEP and uses a valid but stolen security certificate. Sophisticated and nasty.
Apparently it can bypass ASLR and DEP because Adobe Reader and Acrobat use a DLL that doesn't use ASLR. Duh!
You can use EMET 2 to force ASLR and block the exploit. Details from Microsoft here:
Adobe just published an update on this as well:
“Customers using Adobe Reader or Acrobat 9.3.4 or earlier on Windows can utilize Microsoft’s Enhanced Mitigation Evaluation Toolkit (EMET) to help prevent this vulnerability from being exploited.”
Scary two page analysis of this Adobe vulnerability over at http://www.theregister.co.uk/2010/09/10/adobe_security_analysis/