Tuesday, January 14, 2014

Adobe Reader Critical Security Update

Adobe
Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.05) and earlier versions for Windows and Macintosh.  These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.

Security hardening and expanded sandbox support occurs with each release. Other changes include:
  • Update blacklisted file extensions in HKLM’s FeatureLockDown\cDefaultLaunchAttachmentPerms\tBuiltInPermList.
  • More support for Enhanced Protected Mode in Internet Explorer (not fully supported yet).

Release date: October 14, 2013
Vulnerability identifier: APSB14-01
CVE numbers: CVE-2014-0493, CVE-2014-0495, CVE-2014-0496
Platform: Windows and Macintosh

Update or Complete Download

Update checks can be manually activated by choosing Help > Check for Updates.
    Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

    Additionally note that Adobe Air has been updated to version 4.0 and is available here.

    Enable "Protected View"

    Due to frequent vulnerabilities, it is recommended that Windows users of Adobe Reader and Acrobat ensure that Protected View is enabled.  Neither the Protected Mode or Protected View option is available for Macintosh users.

    To enable this setting, do the following:
    • Click Edit > Preferences > Security (Enhanced) menu. 
    • Change the "Off" setting to "All Files".
    • Ensure the "Enable Enhanced Security" box is checked. 

    Adobe Protected View
    Image via Sophos Naked Security Blog
    If you are looking for a replacement for Adobe Reader, consider Replacing Adobe Reader with Sumatra PDF.

    References




    Home
    Remember - "A day without laughter is a day wasted."
    May the wind sing to you and the sun rise in your heart...


    No comments: