Saturday, February 21, 2009

Hackers have been exploiting a critical bug in Adobe Reader and Acrobat


Hackers are exploiting an unpatched security hole in current versions of Adobe Reader and Acrobat to install malicious software when users open a booby-trapped PDF file, security experts warn.

"These types of attacks are frequently the most damaging and it is only a matter of time before this exploit ends up in every exploit pack on the Internet," Shadowserver volunteer Steven Adair wrote on the group's blog.

Adobe's advisory lacks any advice users can follow to mitigate the threat from this flaw. But those at Shadowserver say Adobe Reader and Acrobat users can significantly reduce their exposure to such attacks by disabling Javascript within the application. To nix Javascript, select "Edit," "Preferences," "Javascript," and uncheck the box next to "Enable Acrobat Javascript."

Why does Reader even need Javascript?

With Reader, you can sometimes fill out forms. Those forms might use JavaScript. For example, you might have a form asking your height: You plug in 6'1".

Then the form will also calculate your height as 185 cm (centimeters) for those using metric.

A better example is an order form. You indicate which things you want to purchase, and the form automatically sums the total amount of the purchases.

Some forms are dynamic in the sense that they don't have a fixed length. If you add more items to purchase, add more beneficiaries to an insurance policy, or add more text to a survey, the form adds another page. The page numbering might be driven by JavaScript.

Adobe said that users should expect to see a fix for the vulnerability by March 11. In the meantime, researchers at both Shadowserver and the US Computer Emergency Response Team recommend that users disable the ability for documents to execute Javascript code in both Acrobat and Reader through the application's preference panel.
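Before switching JavaScript off, it helps to know which of the PDF forms you already rely on actually use it. The Python script below is an added example, not code from Adobe or Shadowserver: it counts the `/JS` and `/JavaScript` names in a file's raw bytes, including hex-escaped spellings, and the sample byte strings in it are constructed for illustration.

```python
import re
import sys

# A PDF name may hex-escape any character as #XX, e.g. /J#61vaScript.
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
# A name runs from "/" up to the next PDF whitespace or delimiter character.
_NAME = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
# Names that mark a JavaScript action in a PDF dictionary.
SCRIPT_NAMES = (b"JS", b"JavaScript")

# Constructed samples: an order-form action, the same action with
# hex-escaped names, and a page object with no script at all.
FORM_SAMPLE = b"<< /Type /Action /S /JavaScript /JS (var total = 0;) >>"
ESCAPED_SAMPLE = b"<< /S /J#61vaScript /J#53 (var total = 0;) >>"
PLAIN_SAMPLE = b"<< /Type /Page /Contents 4 0 R >>"


def decode_name(raw: bytes) -> bytes:
    """Resolve #XX escapes so /J#61vaScript compares equal to /JavaScript."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)


def script_name_counts(data: bytes) -> dict:
    """Count script-related names in the raw bytes of a PDF.

    Limitation: names inside compressed object streams are not visible
    here, so a zero count does not prove a file is script-free.
    """
    counts = {name.decode(): 0 for name in SCRIPT_NAMES}
    for match in _NAME.finditer(data):
        name = decode_name(match.group(1))
        if name in SCRIPT_NAMES:
            counts[name.decode()] += 1
    return counts


def uses_javascript(data: bytes) -> bool:
    """True when at least one /JS or /JavaScript name is present."""
    return any(script_name_counts(data).values())


if __name__ == "__main__":
    # Usage: python pdf_js_check.py form1.pdf form2.pdf ...
    for path in sys.argv[1:]:
        with open(path, "rb") as handle:
            print(path, script_name_counts(handle.read()))
```

Files that report a nonzero count are the forms likely to lose calculations or dynamic pages once JavaScript is disabled.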
