Sunday, February 21, 2010

Hackers target unpatched Adobe Reader, Acrobat flaw

Adobe Systems Inc. said Monday it is investigating reports that attackers are exploiting a previously unidentified security hole in its Acrobat and PDF Reader software to break into vulnerable computers.

The acknowledgment coincided with an alert published by the Shadowserver Foundation, a nonprofit group that tracks the spread of malicious programs that criminals use to control infected systems remotely. Shadowserver member Steven Adair said the flaw is present in the most recent versions of Adobe Acrobat and Reader.

Adair warned that security experts have observed cyber crooks using the vulnerability in targeted attacks since at least Dec. 11, but that more widespread attacks are likely to emerge over the next few weeks. In addition, few anti-virus vendors currently detect malicious PDF files harboring this exploit.

At the moment, there is no patch available for this flaw, and Adobe's brief advisory offers little in the way of mitigation advice.

However, Internet users can protect themselves from this attack in a couple of ways. First, this exploit doesn't work unless users have Javascript enabled in Adobe Acrobat/Reader.To disable Javascript, click "Edit," then "Preferences" and then "Javascript," and uncheck "Enable Acrobat Javascript."

As an alternative to Adobe, I generally recommend the free and lightweight Foxit Reader. But there are other free PDF readers, including Sumatra PDF and PDF-XChange Viewer.

No comments: