Comments on: Adobe warns of critical, unpatched security flaw

Software maker issues warning for Adobe Reader 9 and Acrobat 9, as well as earlier versions of the PDF software. Attackers reportedly have been exploiting the flaw.

[MichelleMcCormack]

I sent a form to be filled out to a client this week, that I created in Adobe 9. Should I tell them to delete it? :)

[BtmnHatesRbn]

Adobe 9 what? There isn't any Adobe program called Adobe. Did you mean Acrobat or Reader?

[c|net Reader]

You do not need to worry about PDF files you created. It is PDFs hosted on web sites that could be a problem for you and them. Even if you trust the web site, a hacker could have replaced their PDF with a modified version that exploits the vulnerability.

[c|net Reader]

Computerworld's article on this subject was far more informative. There you can read that this buffer overflow hack is only effective if JavaScript is enabled in Adobe Reader and Adobe Acrobat. If you disable JavaScript, until the patch is installed, then Reader and Acrobat will crash when you open a hacked PDF, but your system won't be vulnerable.

[Penguinisto]

Let me guess - you only need bother if it's running on top of Windows, right?

[BtmnHatesRbn]

Sounds like it. Hey folks, move over to Mac OS X, Ubuntu, FreeBSD, or hell, even Windows 3.1.

[jandler]

u guys wrong

[Penguinisto]

Well that was technically illustrating. Maybe you (not "u") can elucidate on why you (again, "you" not "u") think that we "guys wrong"?

[Dalkorian]

That was my first question as well. It mentions it's an Adobe flaw that causes a trojan to be installed - it sounds like it *could* affect any platform. Curious how few links there are to follow up - anyone know if other platforms are vulnerable?

[Vegaman_Dan]

It's probably a safe bet that it an exploit that would affect unpatched Windows systems. That's the most likely scenario.

It could be a platform independant one however since Adobe's products are on a wide range of products and do require admin rights to install on most- possibly becoming a vector in and of itself.

We just don't have enough information and Adobe won't be exactly eager to share.

[Dalkorian]

Well, I ran into this article - proving it's worse than "just another winblows exploit" ...

http://www.macworld.com/article/138943/2009/02/adobe_vulnerability.html?lsrc=rss_main

Yeah, it looks like even Mac's are vulnerable to this. It's an exploit of Adobe (Reader/Acrobat specifically) and affects ALL platforms. Of course the question still stands as to what is out there "in the wild" currently - is it smart enough to download the right trojan for the platform, or does the trojan itself work on all platforms or is this currently used to attack only one platform?

Mac users have options, Apple's Preview app handles pdf files pretty decently. I'm pretty sure there are Linux alternatives as well (there *IS* a Linux version of Acrobat or at least Reader, right?) Anyone know of a winblows alternative to Reader?

[jeffguevin]

Can we assume that this flaw exists when viewing PDF documents inside a browser? Should we disable browser plugins?

[Dalkorian]

No, apparently not. It's Acrobat/Reader itself having issues with specially mal-crafted pdf files. Disable scripts, or find an alternative pdf viewer.

Note Adobe will *eventually* fix this, so if you end up missing Reader after a few months you can check to see if they fixed this yet.

[jeffguevin]

At least one security site recommends turning off Javascript in Adobe Reader to thwart attacks.

http://www.shadowserver.org/wiki/pmwiki.php?n=Calendar.20090219

[Get_Bent]

There's nothing like a zero-day exploit to make your day. Two-and-a-half weeks to release a fix, and even longer for older versions of Adobe's software? Nice. How many machines will be compromised while we're waiting for the patch? It's no wonder I use a third-party PDF viewer like Foxit Reader instead of Adobe's program.

[BtmnHatesRbn]

You don't make any sense, as you had to go out your way to install that other applications for reading/viewing PDFs. So the point is moot that you used it because of security flaws. Also, what does the average person on a Windows computer doing that this exploit will affect or effect their computer use?

[Get_Bent]

BHR> You don't make any sense, as you had to go out your way to install that other applications for reading/viewing PDFs.

You have to go "out of your way" to install Adobe Reader, too. What's your point?

BHR> So the point is moot that you used it because of security flaws.

Foxit Reader doesn't use Adobe's code, so it doesn't contain this security flaw. And my question still stands: How many computers will be compromised in the time that it takes Adobe to release the patches for versions 9, 8, and 7?

BHR> Also, what does the average person on a Windows computer doing that this exploit will affect or effect their computer use?

I can think of a couple:

- They click on a link with an embedded PDF.
- They receive an e-mail with an attached PDF and open it.

Most people don't think of PDFs as being potentially dangerous.

[EvilUrgency]

Very useful information and I thank the author, however the message is diluted by the errors left uncorrected for lack of a simple proof read. Thus I am left to wonder about the credibility of the author and the information contained in the article. If rereading the article to check for errors is too much to ask from the author why should I bother to read it at all? CNET should demand higher standards from its authors before allowing them to publish in its name.

[8301]

Your first sentence is a run-on, and "proofread" is one word. Thus, I am left to wonder about your credibility as a CNET commenter and the information contained in your comment. Of course, as a CNET commenter, your credibility is already negligible, and your comment contained no useful information, so I don't suppose I have to wonder very long.

[A_Wave]

You must be the evil grammarian about whom our mothers warned us.

Re-reading should be hyphenated.

[mjconver]

@EvilUrgency -

I always question the credibility of anyone who posts under an alias. It shows cowardice.

Jay Converse

[BtmnHatesRbn]

I use Preview on a Mac to see/read PDF files, so I guess this doesn't apply to me at all.

[DarthSpudro]

@EvileUrgency -

"Proofread" is one word.

[Penguinisto]

Well, there are always solutions:

xpdf, Foxit, OpenOffice, Preview on OSX...

...oh, wait - heh. :)

[8301]

Could you at least put a cap on the number of comments you post on one article? It's very disconcerting to avoid reading your self-important drivel once, only to encounter it again later on the same page.

[jandler]

I prefer this one
Quite funny actually
http://digitaldaily.allthingsd.com/20090220/heres-a-patch-for-you-adobe-acrobatuninstallexe/

[Penguinisto]

@ 8301:

I love you too... now put the sockpuppet away.

[Vegaman_Dan]

Penguinisto's reputation is a well earned one. He's at least fairly consistent. It really throws peopple off when he does something unexpected like post something that was well thought out, legitimate, or adds to the subject at hand.

Thankfully he was true to form here. :)

[DECKitBRUISEit]

Time for the smug mac-user smile of the day :)

[Vegaman_Dan]

However nobody knows what plaforms this Adobe flaw affects- it may affect all the platforms that Adobe produces for. Adobe isn't saying at this time.

A bit too early to have the smug look yet.

[Dalkorian]

Maybe not Deck ...

http://www.macworld.com/article/138943/2009/02/adobe_vulnerability.html?lsrc=rss_main

It's an Adobe exploit, not a platform one. ALL platforms are vulnerable. So you can put that smug look away - unless you use Preview to view pdf files.

;-)

[beckychr007]

BtmnHatesRbn,

Thanks for clarifying something that no one was confused about.

[darthstupid]

Unfortunately this is a cross platform security flaw. Meaning Mac users and Windows users are vulnerable.

Simplest solution for now is to turn off Javascript in Acrobat 7 through 9 by going to "Preferences" look for the "Javascript" pane and then turn off "Enable Acrobat Javascript". When the flaw is patched undo that and you are golden (until the next flaw is found). Otherwise just leave it off and you won't miss much (other than some automated form filling which you probably don't use anyway).

[drkgeek]

I actually got a virus from adobe a few days ago, I followed it and killed it with Malwarebytes.

[Sum--Guy]

Ok, explain this.

Is this fundamentally a flaw in the Sun Java JRE? Meaning that a JRE update will (or could) block this exploit, regardless of what Adobe does? Also meaning that other apps could be exposed to this vulnerability?

Regarding turning off javascript "within" Acrobat - does this mean I can generally have javascript turned on (for other apps) but specifically turn it off for Acrobat?

Also - is Acrobat 6.x affected by this threat? (And don't say that Acrobat 6 is no longer supported, because that doesn't answer the question even if it is true).

[redhotzz]

I needed Adobe Acrobat Reader and downloaded it last night. Within a few hours my free version of AVG threw up a window saying a threat was being stopped. I was gone all morning today and came home to a huge screen that said: C:\System volume Information\_restore{D534...Trojan Horse Generic 12.AQBH. NONE of the buttons on AVG do anything It. I came here to Cnet to check what might be going on and here is the Adobe Acrobat Reader blog. I 've uninstalled Adobe. AVG now wants $34.99 to use version8. Anyone else experience this? thanks ahead!