Here are the instructions for mitigating a potential attack:
- Users can also turn off this functionality in the Adobe Reader and Adobe Acrobat Preferences by selecting > Edit > Preferences > Categories > Trust Manager > PDF File Attachments and clearing (unchecking) the box “Allow opening of non-PDF file attachments with external applications”
This is what it looks like:
Adobe spokeswoman Wiebke Lips said that unchecking/clearing thatbox will prevent any file type other than PDF attachments to launch.
In organizations where the administrator would like to control this functionality (rather than giving the end-user) the option to check or uncheck the box, Lips the administrator can control this functionality via the registry setting on Windows by doing the following:
- Set HKCU\Software\Adobe\Acrobat Reader\<version>\Originals\bAllowOpenFile (DWORD) to 0
- An administrator can also grey out the preference to keep end-users from turning this capability on, by setting HKCU\Software\Adobe\Acrobat Reader\<version>\Originals\bSecureOpenFile (DWORD) to 1.
Adobe is still investigating ways to mitigate this threat and has not ruled out a fix in an upcoming security patch.
The alternative FoxIt Reader, which is also vulnerable, has issued a patch to ensure there is user-action required for a successful attack but malicious hackers could still use clever social engineering techniques to launch executables from rigged PDF files.
A demo of the PDF hack has been published by researcher Didier Stevens.
Separately, another researcher has posted a video showing that it's possible to launch an attack internally from one PDF onto another already existing PDF, raising the possible of a PDF worm.
Join Discussion