Thursday, February 14, 2013

Critical Security Advisory for Adobe Reader and Acrobat (APSA13-02)

 Adobe released Security Advisory (APSA13-02) related to critical security vulnerabilities in Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier) and 9.5.3 and earlier for Windows and Macintosh.

Release date: February 13, 2012
Last updated: February 14, 2012
Vulnerability identifier: APSA13-02
CVE number: CVE-2013-0640, CVE-2013-0641
Platform: All Platforms

Adobe reported that the vulnerabilities are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message.  These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

Both Windows and Macintosh operating systems are vulnerable, however mitigation is only provided for users of Adobe Reader XI and Acrobat XI for Windows.  

Enable "Protected View"

In order to minimize vulnerability it is recommended Windows users of Adobe Reader and Acrobat ensure that Protected View is enabled.  Unfortunately, neither the Protected Mode or Protected View option is available for Macintosh users.

To enable this setting, do the following:
  • Click Edit > Preferences > Security (Enhanced) menu. 
  • Change the "Off" setting to "All Files".
  • Ensure the "Enable Enhanced Security" box is checked. 

Adobe Protected View
Image via Sophos Naked Security Blog
If you haven't updated to the latest version of Adobe Reader it is strongly advised that you do so and enable the settings as illustrated above.  On other hand, if you are looking for a replacement for Adobe Reader, consider Replacing Adobe Reader with Sumatra PDF.


Remember - "A day without laughter is a day wasted."
May the wind sing to you and the sun rise in your heart...


Anonymous said...

Thanks so much for this, Corrine. Is there are reason Adobe isn't automatically set to protected view? Is there a downside to functionality or performance? If not shouldn't it be enabled by default?

-Brian Fiori (AKA The Dean)

Corrine said...

Hi, Brian.

It is nice to hear from you again!

I don't know the reasoning for not having Adobe Reader automatically set to Protected View. My only guess is that having the additional security settings in Adobe Reader will result in extra clicks by users, resulting in unhappy feedback.

Personally, I haven't used Adobe Reader in a very long time, which is why I credited Sophos for the image from their blog. In fact, just as I got rid of Java several years ago, I also replaced Adobe Reader. I selected Sumatra PDF because I didn't care for it when Foxit added the Ask Toolbar.

I also selected Sumatra because it has a small footprint and is not a target like Adobe Reader. I have not had any problems opening PDF files at sites that have "Adobe Reader Required".

With Sumatra, you can select text or an image and copy it. It also has a Restricted Mode available. If you don't like the yellow background, it can easily be changed. (Sounds like it is time for me to create a blog post about Sumatra.) Sumatra PDF

Supported OS: Windows 7, Vista, XP.

Anonymous said...

Thank you, Corrine.

I also used Foxit for years and got rid of it when they started pimping Ask--and as it became ever larger. I have used other alternatives, but not yet Sumatra. I will give it a try next.

I have to stay current with Adobe Reader because most of my clients use it. Most of my business clients seem to want to use whatever is "standard". Most of my residential clients seem to think they MUST have Adobe when they see the inevitable link to Adobe on a pdf document/download. Business or residential, whatever alternative I install for them (and explain in detail) Adobe is usually back on their computer my next visit. I have decided it is best to simply install Adobe and make it clear they MUST keep it updated. Now I will be sure to be sure protected view and protected files are selected.