Adobe Patches Exploit in Acrobat and Reader
Adobe has released a critical update to users of their Reader software, patching a critical vulnerability that can allow hackers to take control of a victims’ computer.
Adobe recommends the Patch for all users of Adobe Reader and Acrobat, version XI and earlier. The update affects Windows, Macintosh, and Linux users for versions 11.0.01, 10.1.5, 9.x, and all earlier versions. The patch can be downloaded from Adobe’s website, or through the automatic update feature.
Adobe has said that while automatic updates are enabled by default, individuals can manually check for an update by clicking on Help > Check for Updates.
The exploit was discovered by a security company named FireEye, and they appear to be the first people to breach the technology used by Adobe to protect their software. In an attack, victims would typically receive an email with a PDF attached, which in turn contains a well hidden JavaScript.
When the attachment is opened, the embedded Malware will download two DLL files. One file will display a fake error message and open a PDF document, and the other one installs “callback” software onto the victim’s computer. Once this software is installed, it “calls back” to a Remote Server.
Those with Adobe Reader or Adobe Acrobat (which is just about everyone) should update their software immediately. This can be done through either the software itself, or directly from Adobe. If for some reason you can’t update your Adobe software, you can instigate “Protected View” in Reader or Acrobat. This will reduce the number of options available in the software (eg. printing) but it will prevent malicious code from being executed from within documents.
To turn on “Protected View,” go to Edit> Preferences > Security (Enhanced) and then check the box next to “Files from potentially unsafe locations.” You can also check the “All Files” option, as well.
Remember, always be on the lookout for weird or unsolicited emails with PDF attachments. It is also a good policy to check with the sender to see if the attachment is legitimate or not. They might thank you, because it could be the only warning that their PC has been compromised (and it will keep you safe, too).