Sociology News
Adobe announces vulnerability in Adobe Acrobat and Reader
Adobe has posted a bulletin (http://www.adobe.com/support/security/advisories/apsa09-01.html) about a critical vulnerability in Adobe Reader and Adobe Acrobat; no patch is expected until March 11, 2009. At the mild end, the flaw can cause the PDF viewer to crash, but an attacker may also be able to execute other code to perform a variety of (as yet unknown) functions.
In the meantime, please use caution when opening untrusted PDF files and make sure your antivirus software is up to date (feel free to ask the SRL for consultation on how to know whether your antivirus package and virus signatures are current). Further protection involves preventing Adobe Reader from automatically opening PDF documents in a web browser, preventing Internet Explorer from automatically opening PDF documents, and disabling JavaScript execution in Adobe Reader and Adobe Acrobat (outlined at http://www.kb.cert.org/vuls/id/905281).
There is currently no indication of an epidemic of infected PDF files, and as of today (Monday) we are not concerned that PDFs from common sources such as online journals (or archives thereof) are a likely threat.
Finally, http://www.us-cert.gov/ is an excellent source of up-to-date information on computing security alerts, and http://www.us-cert.gov/cas/tips/ has a wealth of tips primarily written for a nontechnical audience.
02.23.2009



