Adobe offers workaround for PDF risk

Summary: The workaround has been provided to guard against attacks that use a feature in its Reader and Acrobat software to fool users into installing malware


Adobe has provided a workaround for an issue in its Reader and Acrobat software that could let PDFs be used to spread malicious software.

In March, security researchers discovered a feature in the software could be used to trick people into running an embedded executable program in a PDF. Malicious software could be installed on the victim's PC without an attacker exploiting any vulnerability on the system.

On Tuesday, Adobe product manager Steve Gottwals outlined the workaround in a blog post. Sysadmins can alter a registry setting on Windows, or grey out a PDF preference, to stop users turning on the /Launch capability, which is the exploitable feature, he said.

In addition, Adobe is evaluating the best way to allow admins and users to mitigate the problem. This could be pushed out in a product update, according to Gottwals.

"We are currently researching the best approach for this functionality in Adobe Reader and Acrobat, which we could conceivably make available during one of the regularly scheduled quarterly product updates," said Gottwals.

The PDF hack was made public by security researcher Didier Stevens. Stevens showed how an attacker could use the launch function, which is triggered by opening a PDF. While Adobe Reader launches a dialog box to ask for user approval to run the executable, the message in the dialog box can be manipulated to look like an innocuous message and so fool users into starting the program, wrote Stevens in a blog post.

The proof-of-concept attack demonstrated by Stevens also works with Foxit Reader, an alternative to Adobe Reader. However, Foxit does not pop up the dialog box.
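For admins who want to find documents that use the /Launch capability described above, the following triage scanner is an added example, not code from Adobe, Stevens or this article. It counts /Launch and the standard open-time triggers /OpenAction and /AA, including names hidden with #xx escapes or inside Flate-compressed streams; the sample inputs are constructed, and other stream filters and encrypted files are not handled.

```python
import re
import zlib

# /Launch is the feature named in the article; /OpenAction and /AA are the
# standard PDF triggers that can fire an action when a document is opened.
WATCHED = ("Launch", "OpenAction", "AA")
NAME_RE = re.compile(rb"/([^\x00\t\n\x0c\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)

def decode_name(raw):
    """Undo #xx escapes so that /L#61unch is read as /Launch."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def count_names(data):
    counts = dict.fromkeys(WATCHED, 0)
    for m in NAME_RE.finditer(data):
        name = decode_name(m.group(1))
        if name in counts:
            counts[name] += 1
    return counts

def scan_pdf(data):
    """Count watched names outside streams and inside Flate-compressed streams."""
    total = count_names(STREAM_RE.sub(b"", data))
    for m in STREAM_RE.finditer(data):
        try:
            # decompressobj tolerates the end-of-line bytes before 'endstream'
            inflated = zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate data, or encrypted: nothing readable here
        for name, n in count_names(inflated).items():
            total[name] += n
    return total

# Constructed samples (fragments, not complete PDFs; no launch target given).
SAMPLE_ESCAPED = (b"%PDF-1.4\n1 0 obj\n<< /OpenAction 2 0 R >>\nendobj\n"
                  b"2 0 obj\n<< /S /L#61unch >>\nendobj\n")
SAMPLE_PACKED = (b"%PDF-1.5\n3 0 obj\n<< /Filter /FlateDecode >>\nstream\n"
                 + zlib.compress(b"<< /S /Launch >>") + b"\nendstream\nendobj\n")
SAMPLE_CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"

if __name__ == "__main__":
    for label, blob in (("escaped", SAMPLE_ESCAPED), ("packed", SAMPLE_PACKED),
                        ("clean", SAMPLE_CLEAN)):
        print(label, scan_pdf(blob))
```

A non-zero Launch count is a reason to inspect the file, not proof of malice, since /Launch is a legitimate PDF feature.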

Tom Espiner


Talkback

3 comments
  • Okay... so it could infect a PC running Windows. Is there any threat to the Macintosh OS X platform, or can I go back to my usual state of not worrying about these things...?
    cubamark
  • I'm also wondering about Linux as well. Seems that most of these vulnerabilities are only on the Windows platform.
    Chris_Clay
  • I don't think you have to worry about a Linux box being affected by this flaw. An "embedded executable" sounds like Windows only. And I don't think you have to worry about software being installed on Linux, or Mac, without knowing it, as it will ask for your root password before allowing installation of software. And, even if you do allow it to install a Windows program it won't work under Linux, and I doubt it will even install.
    ator1940