Posted by chris on Monday, August 10, 2009 – 12:45 PM
There has been another Adobe Acrobat Reader update released. Since this was not a planed update, there must be something nasty floating around on the net. I’d suggest you update Acrobat Reader ASAP, if you haven’t already. You probably already know how to do it, since there has been so many updates recently. In case you don’t, just run Adobe Acrobat Reader and go to the Help menu up at the top. Under Help you will want to select Check For Updates and in that window, select Download and install updates. Another window will open and you should see the download begin. If it isn’t downloading, you may need to uncheck the box marked Download when my internet is idle.
I didn’t bother looking up what this patch is for, but not long ago there was a new exploit floating around so I imagine this is what it’s for.
Posted by chris on Monday, March 16, 2009 – 1:03 AM
The patch for that security hole in Adobe Acrobat Reader 9.0, which I mentioned here earlier, is finally out. There is only a patch for version 9.0 which will bring you up to 9.1. Earlier versions of Acrobat Reader haven’t had a patch released yet.
You can get Adobe Reader 9.1 and the security bulletin regarding it here. However, this release comes bundled with Adobe AIR. If you’d just like Acrobat Reader , without AIR, you can get it here.
There’s quite a few examples of how to exploit the hole found in 9.0 so I would seriously recomend getting the update.
Posted by chris on Tuesday, February 24, 2009 – 1:14 PM
It has been recently disclosed that Adobe Acrobat Reader is vulnerable to a virus attack. Known as Adobe Reader PDF File Handling Remote Code Execution Vulnerability. A .pdf file, which is what you are reading with acrobat, is created with some code in it that uses java to exploit your computer.
After checking the usual exploit sites, I found several versions of this attack and proof of concepts. I tested them against several anti virus programs, and so far none of them detect it. I believe it is because of the way this attack is implemented. And I don’t think they will detect it since it’s not an “infected” file but a .pdf document. I could be wrong about this and maybe there will be some anti virus software that will detect it. Let me clarify this. The exploits I found were not detected. There is a trojan going around, called Pidief.E, which uses this vulnerability to install a second piece of malware. This second piece of malware takes screen shots and installs a keylogger. The screen shots and what you have typed on your computer are uploaded somewhere so the bad guys can go through it, and look for user names, passwords, credit card numbers, etc.
This particular malware can be detected, it’s the others that are out there that are worrisome.
I was more concerned with finding a fix now, because Adobe has said the flaw will be closed by March 11th, through updates to Acrobat Reader 9. Updates for earlier versions will be released later.
For now I have found to fixes. The first is a “homebrew” patch from soucerfire and can be found here. While I applaud their efforts, replacing the .dll file with their patch could have unknown results. The second fix, which I have been implimenting all day it work today, is to disable java script in acrobat reader. This is easy enough to do. Simply run Adobe Acrobat Reader. Select edit and go down to teh bottom and select prefrences. Once prefrences is open, you will see JavaScript on the left side, under catagories. After you have selected JavaScript, you will see your options on the right. The first box that is checked says Enable Acrobat Java Script. Just uncheck this box, and you are done.
If you open a .pdf file in the future and it asks you to re-enable java script, be sure to tell it no. And be sure to update Acrobat Reader when Adobe does post the update.
