Friday, February 20, 2009

Adobe reveals security vulnerability

Adobe announced that the PDF-related software are also affected by the critical security flaw, which could cause the applications to crash and potentially let an attacker gain control of a person's computer. The vulnerability, a Trojan horse identified as Trojan.Pidief.E and known heuristically as Bloodhound.PDF.6, affects Adobe Reader 9 and Acrobat 9, as well as earlier versions.

Given the popularity of the software, it's remarkable that there are only a relatively small number of reported exploits. Symantec has noted that fewer than 100 people have been affected since it noticed the attacks on February 12. In their blog address this attack, the security company suggests that users consider disabling JavaScript in Adobe Reader (instructions below) in order to keep this vulnerability from being exploited.

If you only use Adobe only for reading PDF documents, then I would suggest looking into Foxit. It is a free, very lightweight PDF reader that is far more efficient than Adobe's reader. The link is below.

And finally, if you would like a review of your organization's security and virus detection practices, please contact us at Roig Consulting.

Symantec's Blog: Targeted PDFs Used as Exploits
Adobe Systems Incorporated: ADBE (NASDAQ)
Foxit Software

Instructions to disable Javascript in Adobe Reader
Modify Adobe Reader preferences to disable JavaScript under the Edit | Preferences | JavaScript menu.

No comments:

Post a Comment