In a previous post I wrote about the need to prevent JavaScript from running automatically in Adobe Acrobat or Reader. Below are some statistics further demonstrating why this is such a concern, the miscreant malfeasance, and what you can do to defend against the vulnerability.
The Dangerous Pervasiveness of Adobe Software
According to a recent report from security firm ScanSafe, by Q4 of last year, 80% of web exploits in 2009 were attributed to malicious PDFs, while exploits in Word or Excel comprised less than 1%. The report also stated that Adobe Reader and Adobe Acrobat were the most-exploited software in 2009. This could be attributed to Adobe's significant market penetration, combined with an identified Adobe vulnerability and a large user base running outdated software versions. An August 2009 report from Trusteer stated that of the 2.5 million internet users its security system protects, nearly 84% were running outdated, vulnerable versions of Acrobat. That's roughly 2.1 million vulnerable targets.
Malicious PDF Attacks
One way a malicious PDF exploit can succeed is by combining an application bug in Acrobat or Reader with Acrobat's ability to run JavaScript embedded in a PDF file. The exploit is further assisted by the ability to obfuscate code, to compress hidden JavaScript inside the file, and to execute programs as the current user, all of which Adobe enables by default. Attackers embed JavaScript that, making use of functions such as unescape() and a download stage, produces executable shellcode that is triggered by the Adobe vulnerability. As of Feb 2010, a post on pcmag.com states that Adobe is still unable to prevent the use of the unescape() function. For more details on sample exploit code, see the analysis from Websense SecurityLabs.
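The mechanism described above (JavaScript wired to run on open, a compressed stream hiding the script, hex-escaped names to defeat naive keyword searches, and staging functions such as unescape()) is exactly what a defender can triage statically before a file is ever opened in Reader. The following script is an added example, not code from the original post or from Adobe; the sample PDF it scans is a hand-constructed fixture, and the indicator lists (/OpenAction, /AA, /JavaScript, /JS, unescape(), eval(), String.fromCharCode()) are this example's own choices. It de-escapes PDF names, inflates FlateDecode streams, and reports whether the file carries JavaScript that would run automatically.

```python
import re
import zlib

# Constructed sample (not a real malicious file): a minimal PDF whose catalog's
# /OpenAction points at a JavaScript action. The script body sits in a
# FlateDecode-compressed stream and the /JavaScript name is written with a
# hex escape (/J#61vaScript), two of the obfuscation tricks the post describes.
_SCRIPT = b"var s = unescape('%u9090%u9090'); app.alert('hello');"
_COMPRESSED = zlib.compress(_SCRIPT)

SAMPLE_PDF = (
    b"%PDF-1.4\n"
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 3 0 R >> endobj\n"
    b"2 0 obj << /Type /Pages /Kids [] /Count 0 >> endobj\n"
    b"3 0 obj << /S /J#61vaScript /JS 4 0 R >> endobj\n"
    b"4 0 obj << /Length " + str(len(_COMPRESSED)).encode()
    + b" /Filter /FlateDecode >>\nstream\n" + _COMPRESSED + b"\nendstream\nendobj\n"
    b"trailer << /Root 1 0 R >>\n%%EOF\n"
)

# Names that make code run without user interaction, and names that carry code.
AUTO_RUN_NAMES = (b"/OpenAction", b"/AA")
CODE_NAMES = (b"/JavaScript", b"/JS")
# Script functions commonly used to stage shellcode (the post singles out unescape()).
SUSPICIOUS_CALLS = (b"unescape(", b"eval(", b"String.fromCharCode(")

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)


def normalize_names(data: bytes) -> bytes:
    """Resolve PDF name hex escapes (/J#61vaScript -> /JavaScript) so that
    keyword matching is not defeated by the escaped spelling."""
    return _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def inflate_streams(data: bytes) -> list:
    """Return the decompressed content of every stream that inflates as zlib/Flate.
    Streams that are not Flate-compressed (or are corrupt) are skipped."""
    out = []
    for m in _STREAM.finditer(data):
        try:
            # decompressobj ignores the trailing newline before 'endstream'
            out.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            continue
    return out


def triage_pdf(data: bytes) -> dict:
    """Static triage: count auto-run and code-carrying names (after de-escaping)
    and look for suspicious calls in both raw and inflated content."""
    text = normalize_names(data)
    bodies = [text] + inflate_streams(data)
    counts = {}
    for name in AUTO_RUN_NAMES + CODE_NAMES:
        # A name ends at whitespace or a delimiter; the lookahead stops /JS
        # from matching inside a longer name such as /JSX.
        counts[name.decode()] = len(re.findall(re.escape(name) + rb"(?![A-Za-z])", text))
    calls = sorted({c.decode() for body in bodies for c in SUSPICIOUS_CALLS if c in body})
    has_autorun = any(counts[n.decode()] for n in AUTO_RUN_NAMES)
    has_code = any(counts[n.decode()] for n in CODE_NAMES)
    if has_autorun and has_code:
        verdict = "auto-running JavaScript"
    elif has_code:
        verdict = "JavaScript present"
    else:
        verdict = "no JavaScript indicators"
    return {"counts": counts, "suspicious_calls": calls, "verdict": verdict}


if __name__ == "__main__":
    import sys
    # Scan a file given on the command line, or the built-in constructed sample.
    data = open(sys.argv[1], "rb").read() if len(sys.argv) > 1 else SAMPLE_PDF
    for key, value in triage_pdf(data).items():
        print(f"{key}: {value}")
```

Run against the built-in sample, the script reports one /OpenAction, one /JavaScript (recovered from the hex-escaped spelling), one /JS, the unescape() call found only after inflating the stream, and the verdict "auto-running JavaScript". A triage like this is a first filter, not proof of malice: legitimate forms use /AA and /JS too, so a hit is a reason to open the file in a reader with JavaScript disabled, not a conviction.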
How to Defend Against Malicious PDFs
There are a few things you can do to defend against malicious PDFs:
- Disable the ability for JavaScript to run automatically in Adobe Acrobat or Reader.
- Update to the latest versions of your Adobe products.
- Review the recent security bulletin from Adobe on this issue.
- Know that there are alternatives to Adobe.
To that last point, there's technically no reason you need to use Adobe products to view PDFs. Other PDF reader programs are available, such as Foxit and Apple's Preview, as well as other applications that can create and edit PDF documents. For even more options, visit download.com and search for PDF readers and editors.