Tuesday, August 12, 2014

Adobe Reader and Acrobat Security Update

Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.07) and earlier versions for Windows.

These updates address a vulnerability that could allow an attacker to circumvent sandbox protection on the Windows platform.  Adobe Reader and Acrobat for Apple's OS X are not affected.

Release date: August 12, 2014
Vulnerability identifier: APSB14-19
CVE numbers: CVE-2014-0546
Platform: Windows

Update or Complete Download

Update checks can be manually activated by choosing Help > Check for Updates.
    Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

    Windows XP

    If you are still using Windows XP and have Adobe Reader installed, please note that there will be no additional security updates for it.  I suggest uninstalling it and install an alternate reader.  Personally, I like Sumatra PDF.  It isn't a target and doesn't include unwanted extras with the install or updates.  (See Replacing Adobe Reader with Sumatra PDF.)  Adobe Reference:  End of support | Acrobat and Reader for Windows XP

      Enable "Protected View"

      Due to frequent vulnerabilities, it is recommended that Windows users of Adobe Reader and Acrobat ensure that Protected View is enabled.  Neither the Protected Mode or Protected View option is available for Macintosh users.

      To enable this setting, do the following:
      • Click Edit > Preferences > Security (Enhanced) menu. 
      • Change the "Off" setting to "All Files".
      • Ensure the "Enable Enhanced Security" box is checked. 

      Adobe Protected View
      Image via Sophos Naked Security Blog
      If you are looking for a replacement for Adobe Reader, consider Replacing Adobe Reader with Sumatra PDF.


      Remember - "A day without laughter is a day wasted."
      May the wind sing to you and the sun rise in your heart...

      No comments: