Adobe Reader Security Update Forthcoming
Last week we announced that “all currently supported shipping versions” of Adobe Acrobat and Adobe Reader were plagued by two new security vulnerabilities and that proof-of-concept exploit code had been published online. Adobe at the time acknowledged the issue and has now come out to announce that an update will be made available in a matter of days.
“We are in the process of fixing the issue, and expect to make available product updates for the relevant supported Adobe Reader and Acrobat versions and platforms by May 12th, 2009. Adobe plans to make available Windows updates for Adobe Reader versions 9.X, 8.X, and 7.X and Acrobat versions 9.X, 8.X, and 7.X, Macintosh updates for Adobe Reader versions 9.X and 8.X and Acrobat versions 9.X and 8.X, as well as Adobe Reader for Unix versions 9.X and 8.X. Additionally, we have confirmed the second vulnerability (CVE-2009-1493) for Adobe Reader for Unix (first mentioned in our April 28 post). This issue will be resolved in the upcoming Adobe Reader for Unix updates. Currently, we have not been able to reproduce an exploitable scenario for Windows and Macintosh, but we will continue to investigate," said Adobe.
What are you to do while Adobe Acrobat and Adobe Reader remains unpatched and vulnerable? The first thing you can do is to turn off JavaScript; follow these steps: launch Adobe Acrobat/Reader -> Edit -> Preferences-> select JavaScript -> Uncheck “Enable Acrobat JavaScript” -> Click “OK”. Your second option would be to not use Adobe Reader for a while; you can switch to alternate PDF readers (list here), or you could apply Service Pack 2 to MS Office 2007 which comes with PDF support amongst other improvements (details here).
Las but not least, you must remember to stay safe by knowing how to avoid threats. Take for example the recent swine flu; spammers are using it to for their own benefit and as such they are sending out spam messages containing links and PDF attachments which can put your system’s security at risk. Director of Technical Education with Eset, Randy Abrams explains: “PDFs are used to make your computer sick. The bad guys know that many people will open anything, regardless of where it came from, if it has bad news in it. never open anything about current news events if you did not subscribe to the news provider. It is always a trick and the information is never worth reading.”
“We are in the process of fixing the issue, and expect to make available product updates for the relevant supported Adobe Reader and Acrobat versions and platforms by May 12th, 2009. Adobe plans to make available Windows updates for Adobe Reader versions 9.X, 8.X, and 7.X and Acrobat versions 9.X, 8.X, and 7.X, Macintosh updates for Adobe Reader versions 9.X and 8.X and Acrobat versions 9.X and 8.X, as well as Adobe Reader for Unix versions 9.X and 8.X. Additionally, we have confirmed the second vulnerability (CVE-2009-1493) for Adobe Reader for Unix (first mentioned in our April 28 post). This issue will be resolved in the upcoming Adobe Reader for Unix updates. Currently, we have not been able to reproduce an exploitable scenario for Windows and Macintosh, but we will continue to investigate," said Adobe.
What are you to do while Adobe Acrobat and Adobe Reader remains unpatched and vulnerable? The first thing you can do is to turn off JavaScript; follow these steps: launch Adobe Acrobat/Reader -> Edit -> Preferences-> select JavaScript -> Uncheck “Enable Acrobat JavaScript” -> Click “OK”. Your second option would be to not use Adobe Reader for a while; you can switch to alternate PDF readers (list here), or you could apply Service Pack 2 to MS Office 2007 which comes with PDF support amongst other improvements (details here).
Las but not least, you must remember to stay safe by knowing how to avoid threats. Take for example the recent swine flu; spammers are using it to for their own benefit and as such they are sending out spam messages containing links and PDF attachments which can put your system’s security at risk. Director of Technical Education with Eset, Randy Abrams explains: “PDFs are used to make your computer sick. The bad guys know that many people will open anything, regardless of where it came from, if it has bad news in it. never open anything about current news events if you did not subscribe to the news provider. It is always a trick and the information is never worth reading.”
