Adobe Reader vulnerability


Exterminator

Community Manager
Thread author
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
The vulnerability affects all recent versions of Adobe Reader and Acrobat including the latest release versions. At the time of writing, there is no update available that you can install to protect yourself, your data and your computer from the vulnerability.

The vulnerabilities, which are actively exploited right now on the Internet, can cause Adobe Reader or Acrobat to crash, allowing the attacker to take control of systems the software is running on. Adobe is aware of email-based attacks that try to trick users into loading attached PDF documents with malware payloads.

Adobe is currently working on a fix to patch the vulnerability in Adobe Reader and Acrobat, but it is not clear yet when the company will release the fix to the public.

The company posted mitigation information on the security advisory page:

Users of Adobe Reader XI and Acrobat XI for Windows can protect themselves from this exploit by enabling Protected View. To enable this setting, choose the “Files from potentially unsafe locations” option under the Edit > Preferences > Security (Enhanced) menu.

Enterprise administrators can protect Windows users across their organization by enabling Protected View in the registry and propagating that setting via GPO or any other method.
[...]

 

Ramblin

Level 3
May 14, 2011
1,014
Every day we see more and more reasons why it is a good idea to use programs like Sandboxie. For people using SBIE, this exploit is not a problem. I know I might sound a bit repetitious for always recommending the sandbox, but I do it not only because it is a given that it works in protecting against this kind of menace but also because it is very easy to learn and use.

Let me tell you how I handle PDFs using Sandboxie paid version and how a user with the free version can handle PDFs using Sandboxie. Using either version works great.

If I am browsing and I want to view a PDF, I just click on it and my PDF reader opens out of the browser in my browser sandbox. The PDF is allowed to run and not to connect. If the PDF is carrying an exploit like the one in the link, the infection is gone when I close the browser/PDF and delete the sandbox. If the PDF had a keylogger, nothing can be sent out since I don't allow my PDF reader (Foxit) to connect.

If I download a PDF file to my hard drive, or if a friend sends me one and I download it to my download folder or desktop, then when I click on the file, the PDF file runs in my PDF sandbox. If there is an exploit, I won't even know about it, since SBIE doesn't tell me anything about whether the PDF is infected or not, but when I close the PDF, the infection is gone (if there is one) and my system remains intact.

If for some reason the exploit gets to run (something unlikely when using a restricted sandbox) and your system crashes, that's not a problem if you are using SBIE, because the infection is contained by the driver and, after restarting the system, deleting the sandbox is all that's needed.

For someone using the free version, the only difference from the above is that when you download a PDF file, you need to either right-click on the file and choose to run it sandboxed or use a sandboxed Windows Explorer to navigate to the file and run it sandboxed. Everything else is the same.

Bo
 

Ramblin

Level 3
May 14, 2011
1,014
rebel4life said:
hiya btw i read where hackers are now working on bypassing sandboxed programs

Adobe Reader has a hole open to exploits about 300 days a year.

If you know of any malware that escapes Sandboxie's sandbox, please let us know. One will be enough.

Bo
 

rebel4life

Level 9
Verified
Sep 30, 2012
667
i'll keep my eyes open and if any malware attack bypasses any sandboxed programs i'll be sure and tell people about it ok
 

Gnosis

Level 5
Apr 26, 2011
2,779
Use a program called "Revo Uninstaller" to uninstall Adobe Reader.

http://www.softpedia.com/get/Tweak/Uninstallers/Revo-Uninstaller.shtml

Link to Foxit Reader:

http://www.filehippo.com/download_foxit/

You will find that Foxit is not nearly as sluggish as Adobe.
 

Ramblin

Level 3
May 14, 2011
1,014
rebel4life said:
gnosis how do you disable adobe reader and then install foxit

Rebel, using Foxit is a good idea. You can uninstall Adobe Reader from Control Panel; that's what I would do.

You can install Foxit using the link from File Hippo or use the portable version. If you install the setup version, be aware of the toolbar that is offered and don't install it.

There used to be an MSI version (no toolbar), but I haven't seen that one for the last few months, so now I am using the portable.

http://portableapps.com/apps/office/foxit_reader_portable

Bo
 

avastalicious

New Member
Verified
Jan 30, 2013
75
I myself use Foxit Reader and PDFCreator for printing to PDF. Is there any advantage to using Adobe Reader/Acrobat these days?
 

Ramblin

Level 3
May 14, 2011
1,014
rebel4life said:
i still got adobe air and shockwave should i uninstall them as well

You should get rid of them if you don't use them. You will be safer doing so. The same applies to any other plugin that you have installed on your computer but don't use.

A little more than four years ago, I had 13 plugins in Firefox. After I finished checking each of them to see if I had any use for them, I ended up uninstalling all of them except Flash. I left Flash because I use Flash. By getting rid of all other plugins, I made my computer safer. You'll be safer if you follow that approach.

Bo
 

Plexx

bo.elam said:
You should get rid of them if you don't use them. You will be safer doing so. The same applies to any other plugin that you have installed on your computer but don't use.

A little more than four years ago, I had 13 plugins in Firefox. After I finished checking each of them to see if I had any use for them, I ended up uninstalling all of them except Flash. I left Flash because I use Flash. By getting rid of all other plugins, I made my computer safer. You'll be safer if you follow that approach.

Bo

How exactly would uninstalling unused software/plugins make you safer? I fail to understand that point. I would understand perfectly if you mean it makes your computer faster, but safer?

If the user has Adobe installed but doesn't use it and instead uses an alternative, it is still as safe as if Adobe wasn't installed.
 

Ramblin

Level 3
May 14, 2011
1,014
Biozfear said:
How exactly would uninstalling unused software/plugins make you safer as I fail to understand that point.

I can't believe you wrote the above. I won't even reply to that.

I think you should relax.

Bo
 

Plexx

bo.elam said:
I can't believe you wrote the above. I won't even reply to that.

I think you should relax.

Bo

As far as I am aware, exploits in Adobe are triggered if the reader is used.

If it is dormant, however, it shouldn't trigger.

It was a valid question, but if your attitude is like that, you might as well not even reply instead of posting what you just did.
 

rebel4life

Level 9
Verified
Sep 30, 2012
667
woow we now have a soap opera here btw anyone has any ideas about python or ironpython its about javascript oops sorry posting here me bad lmao
 

Exterminator

Community Manager
Thread author
Verified
Staff Member
Well-known
Oct 23, 2012
12,527
I would think this is much the same as Java. Update it and you can leave it installed in case you need it for something, but disabling it removes the threat. Sure, if you want to uninstall it, that is your choice.

The vulnerability here is that when Adobe is run, the exploit causes it to crash, thus allowing the attacker to take control of your system. Having it installed but disabling it until a patch comes out removes the threat. If you have it installed, make the advised security setting changes and disable it. Sure, you can download another PDF program, but I don't think leaving it installed but disabled is a risk to your system.
 

illumination

If we were to uninstall everything that has had or has a chance of having a vulnerability, we would never make it to the internet; instead we would be staring at the pretty blank/black screen of a computer not running ;) :D
 