ACROBAT 7-9 READER ALERT - PASS IT ON

Share: Email Story Twitter Facebook Stumbleupon Add to Any
by RoryKearney | February 26, 2009 at 04:32 pm
147 views | 4 Recommendations | 2 comments

Photos

pdf-sos

pdf-sos

see larger image

uploaded by RoryKearney

This affects both PC and Mac.

Attackers Exploiting Unpatched Flaw In Adobe Reader, Acrobat

Hackers are exploiting an unpatched security hole in current versions of Adobe Reader and Acrobat to install malicious software when users open a booby-trapped PDF file, security experts warn.

...

But those at Shadowserver say Adobe Reader and Acrobat users can significantly reduce their exposure to such attacks by disabling Javascript within the application. To nix Javascript, select "Edit," "Preferences," "Javascript," and uncheck the box next to "Enable Acrobat Javascript."


In the past I have recommended the free version of Foxit Reader as a faster and more lightweight alternative for viewing PDF files. However, I have not yet been able to verify whether Foxit Reader may be similarly vulnerable. I will update this post if I receive an answer from Foxit.

Update, 10:34 a.m. ET: "Sherry" from Foxit wrote me back to say the company has no information to suggest Foxit is similarly vulnerable: "Currently Foxit Software have not suffered these problems. And we will pay attention to it in the future."

Also, Symantec has now posted its writeup on this flaw, saying it has received reports of targeted attacks against government, large enterprise and financial services organizations. "We have observed few exploits of this vulnerability in the U.S., China, Japan, Taiwan and the U.K. and continue to monitor for any signs of a widespread attack using this exploit."

FULL ARTICLE

http://voices.washingtonpost.com/securityfix/2009/02/attackers_exploiting_unpatched.html?hpid=sec-tech

* * * * *

Other possible fixes are using microsoft pdf reader for pc and using preview reader for mac. Also you can  turn off the java in mac acrobat reader, and possibly ie also has a java preference you can disable.

* * * * *

Your Next Adobe PDF May Be Infected
By Scott Budman

NBCBayArea.comupdated 39 minutes ago

One of the most popular software programs in the world is flawed.

http://www.msnbc.msn.com/id/29412277/

* * * * *

Still be cautious as there is no guarantee any of these fixes will stop you from getting infected.

* * * * *

I looked to see if this pdf alert has already been posted and didn't see it. If I am mistaken let me know in a comment and I will delete this post.

Share: email story | add to any | | facebook | stumbleupon

Most RecentMost Recommended Comments (2)

recommend This comment thread is now closed
0
René
René

at 16:51 on February 26th, 2009

I can open PDFs in Firefox browser ( a plugin or addon), also in Safari and do have Preview on my Mac. Any body have a clue where these infected PDFs come from? Names on the PDFs?

I'd recommend you not open any PDFs that come with an email, unless it is pre-arranged with your correspondent.

0
RoryKearney
RoryKearney

at 17:04 on February 26th, 2009

I assume that the pdf can be downloaded off the web too. Somebody can put a link in a post that is attached to a boobytrapped pdf that looks like something you want to read. Everybody needs to be cautious until adobe provides a patch. The internet will never be completely secure, as long as there are devious people out there.

This story was created over 3 months ago, the comment thread is now closed.

in , , , , , ,

What is NowPublic?

NowPublic lets people work together to cover news events around the world.

Find out more

Crowd Power

mtammas
First Flagged at 4:42 PM, Feb 26, 2009 by mtammas
These members have powered this story:

Related Stories

Recommendations (4)

Most recently recommended by:
  • René

    René
    New Orleans, Louisiana, United States

  • mtammas

    mtammas
    Vancouver, Canada

Track this Story

 

closeSign in to NowPublic

Not a member?

JoinIt's free!

is reporting from
Member
NP Rank: