Warning: Adobe confirms PDF zero-day attacks

by 14 replies
20
Just saw this post on the ZDNet blog:

Adobe confirms PDF zero-day attacks. Disable JavaScript now | Zero Day | ZDNet.com

Since most, if not all, of us read PDF's like there is no tomorrow it seemed appropriate to mention it.

Elmer
#main internet marketing discussion forum #adobe #attacks #confirms #pdf #warning #zeroday
  • Wow. Thanks for the heads up, Elmer. And also thanks to you, Chris, for mentioning Foxit Reader. I'm completely ignorant on the whole topic of pdf readers, but what I do know is that when Firefox crashes on my machine it's usually when I've opened a tab to read a pdf file with Adobe. Hmmm. I see some quick edumacation in my immediate future...
    • [1] reply
    • Holy sh*t. This is the worst f*****g thing I have come across in years.

      Thank God I use Foxit but man, can you imagine how many people could be
      literally SCREWED by this?

      Now I understand why I had that PDF popup come up from the one site I
      went to. Fortunately, when my Foxit tried to open it, an error was generated
      and the PDF was blank. I made sure the damn thing was removed from my
      hard drive IMMEDIATELY.

      The bad thing is, you don't even have to click on a PDF link. This site was a
      plain URL and I guess, what happened was the code on the site triggered
      the download of the PDF.

      This is some scary sh*t.
  • Just another reason to not have PDFs load in the browser.
    • [1] reply
    • Garrie, is there a way to actually stop that?

      My incident didn't try to load in my browser. It actually tried to start
      Foxit. I don't know how it did that but it did and it was freaky.

      But back to the question, how can you prevent PDFs from loading in your
      browser?
      • [1] reply
  • Steven,

    Check out this post from LifeHacker

    Stop PDF files from opening in Firefox - Browsers - Lifehacker

    It shows you how to disable firefox from opening PDF's.

    I had to research this myself after reading the thread!

    Thanks Elmer!
    • [1] reply
  • This is the first time I have heard of foxit ill have to check it out
  • I use Seamonkey, a Mozilla browser related top Firefox -
    here's some more information on disabling Adobe PDF reader
    in all Mozilla browsers:

    Adobe Reader - MozillaZine Knowledge Base
  • Here's another way to stop PDF files from opening in any browser (disabling it in Adobe):

    Disable PDF from Opening in Web Browser (IE, Firefox, Opera, Safari) My Digital Life

    Suzanne
    • [1] reply
    • Thanks for the great tip! I probably open dozens of PDF's every day. I have disabled JS on all my machines.

      Barry
  • Adobe, according to ZDNet, has developed or is developing a patch for the vulnerabilities announced earlier this week. The patch will be issued on January 12, 2010.

    The vulnerabilities potentially affect computers running Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX and Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh.

    Mitigation methods have also been announced by Adobe.

    You will find the ZDNet article at Adobe PDF attack update: Patch coming Jan 12 | Zero Day | ZDNet.com

    The Adobe mitigation techniques are are listed here Adobe - Security Advisories: APSA09-07 - Security Advisory for Adobe Reader and Acrobat

    Elmer
  • I can second the scary s**t comment. Especially given the ability of a URL to force a PDF download, sounds like a hackers dream. Honestly, they hit it at the right time of year as well, since so many people are either on vacation now, or about to start one between Christmas and New Years.
Join the discussion

Next Topics on Trending Feed