
Adobe suggests workaround for PDF embedded executable hack

Adobe is suggesting that users configure its PDF Reader product to limit the damage from an attack.
Written by Ryan Naraine on

On the heels of a warning that malicious executables can be embedded into PDF files and launched with minimal user interaction, Adobe is suggesting that users configure its PDF Reader product to limit the damage from an attack.

Here are the instructions for mitigating a potential attack:

  • Users can also turn off this functionality in the Adobe Reader and Adobe Acrobat Preferences by selecting Edit > Preferences > Categories > Trust Manager > PDF File Attachments and clearing (unchecking) the box “Allow opening of non-PDF file attachments with external applications”.


Adobe spokeswoman Wiebke Lips said that unchecking/clearing that box will prevent any file type other than PDF attachments from launching.

In organizations where the administrator would like to control this functionality (rather than giving the end-user the option to check or uncheck the box), Lips said the administrator can control this functionality via the registry setting on Windows by doing the following:

  • Set HKCU\Software\Adobe\Acrobat Reader\<version>\Originals\bAllowOpenFile (DWORD) to 0
  • An administrator can also grey out the preference to keep end-users from turning this capability on, by setting HKCU\Software\Adobe\Acrobat Reader\<version>\Originals\bSecureOpenFile (DWORD) to 1.
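
One way to audit or apply the two registry values above from PowerShell, as an added example (not Adobe's or the author's code). It assumes the version subkeys sit directly under the Reader key shown above, and the `-Enforce` switch is a hypothetical parameter of this script; HKCU is a per-user hive, so the script only covers the user it runs as.

```powershell
# Added example: report (and optionally set) the two values named in the article.
# Assumption: each installed version has a subkey directly under $readerRoot.
param([switch]$Enforce)   # hypothetical switch: without it the script only audits

$readerRoot = 'HKCU:\Software\Adobe\Acrobat Reader'
$desired = @{
    bAllowOpenFile  = 0   # 0 = non-PDF attachments are not opened externally
    bSecureOpenFile = 1   # 1 = preference is greyed out for the end-user
}

if (-not (Test-Path $readerRoot)) {
    Write-Output "No Adobe Reader key found under HKCU for $env:USERNAME"
    return
}

foreach ($versionKey in Get-ChildItem -Path $readerRoot) {
    $originals = "$readerRoot\$($versionKey.PSChildName)\Originals"
    if ($Enforce -and -not (Test-Path $originals)) {
        New-Item -Path $originals -Force | Out-Null
    }
    foreach ($name in $desired.Keys) {
        # A missing key or value reads back as $null and counts as non-compliant.
        $current = $null
        if (Test-Path $originals) {
            $current = (Get-ItemProperty -Path $originals -Name $name `
                        -ErrorAction SilentlyContinue).$name
        }
        $compliant = ($null -ne $current) -and ($current -eq $desired[$name])
        if ($Enforce -and -not $compliant) {
            New-ItemProperty -Path $originals -Name $name -PropertyType DWord `
                -Value $desired[$name] -Force | Out-Null
            $current = $desired[$name]
            $compliant = $true
        }
        [pscustomobject]@{
            Version   = $versionKey.PSChildName
            Value     = $name
            Current   = if ($null -eq $current) { '(not set)' } else { $current }
            Compliant = $compliant
        }
    }
}
```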

Adobe is still investigating ways to mitigate this threat and has not ruled out a fix in an upcoming security patch.

The alternative Foxit Reader, which is also vulnerable, has issued a patch to ensure there is user-action required for a successful attack, but malicious hackers could still use clever social engineering techniques to launch executables from rigged PDF files.

A demo of the PDF hack has been published by researcher Didier Stevens.

Separately, another researcher has posted a video showing that it's possible to launch an attack internally from one PDF onto another already existing PDF, raising the possibility of a PDF worm.
