Security Alert: Adobe Reader & Acrobat Unpatched Vulnerability – Attacks Underway
Who: Windows, Mac, and Linux users
What: Adobe Reader & Acrobat unpatched vulnerability allows attackers to take control of your machine
When: February 26, 2009

How: Windows, Mac, and Linux users running Adobe Reader or Acrobat are vulnerable to exploits. An unauthorized attacker may take complete control of an affected system by convincing the user to open a maliciously crafted Portable Document Format (PDF) file. Patches are not available yet and the vulnerability is being actively attacked through e-mail, instant messaging (IM), and malicious or compromised web sites.
Until a patch is released and applied to your system, if your Adobe Reader, Acrobat, or web browser crashes when opening a PDF file, STOP! Immediately take the following steps:
- Disconnect from the network - turn off wireless or unplug the wired network cable.
- Discontinue use of the machine but DO NOT power off.
- Contact the Information Security Office at (412) 268-2044 or iso@andrew.cmu.edu or your departmental computing administrator/DSP consultant for further instructions.
These steps are excerpted from Responding to a Compromised Computer.
If your computer is managed by a Carnegie Mellon departmental computing administrator, please consult that person before making any system changes.
What You Need To Do:
NOTE: You must log in with an administrative account/password to complete steps marked with ***
- Do not open unexpected or untrusted PDF files
Always avoid opening unexpected files or links received via email or IM, even from trusted sources, without first verifying the message's authenticity via a phone call or separate email to the sender. Email and IM messages may easily be forged or sent from compromised accounts.
Where possible, avoid opening PDF files from untrusted websites until a patch has been released and applied to your system.
- Ensure Symantec/Norton AntiVirus is installed and updating regularly ***
Windows instructions
Mac instructions
- Subscribe to Computing Services News or monitor the ISO website for patch news
Adobe patches for this vulnerability will be available soon. Subscribe to Computing Services News or check the ISO website regularly for our security announcement when the patches become available.
More What You Need to Do - For Advanced Users:
For those who may be at higher risk due to necessary online activity or handling of sensitive data and are comfortable with some technical inconvenience for the sake of added security, we additionally recommend the following:
- Prevent Your Web Browser from Automatically Opening PDF Files
Internet Explorer ***
a. Download ieaskpdf.zip to your desktop
b. Extract ieaskpdf.zip to a convenient location
c. Double click on the resulting IEAskPDF.reg file
d. When prompted to add the information to the registry, click Yes
e. Click OK when success is reported
NOTE: If you need to reverse this change, download ienoaskpdf.zip and repeat these steps with IENoAskPDF.reg.
Mozilla Firefox ***
a. Launch Firefox
b. On Windows, choose the Tools menu and click Options. On Mac OS, choose the Firefox menu and click Preferences.
c. Click the Applications button at the top of the window
d. Click on the first item that begins with Adobe Acrobat (if any exist) under the Content Type column. If none exists, skip step e.
e. Change the Action value for that entry to Always ask
f. Repeat steps d. and e. for all other entries that begin with Adobe Acrobat
g. Repeat steps d. and e. for all other entries that begin with PDF file (if they exist)
h. Click OK to save the changes
- Disable Acrobat JavaScript
a. Launch Adobe Reader or Acrobat
b. Choose the Edit menu
c. Choose Preferences...
d. Click JavaScript under Categories:
e. Uncheck the Enable Acrobat JavaScript checkbox.
f. Click OK to save the changes.
g. If you have both Adobe Reader and Acrobat installed, repeat these steps for the other program.
Once Acrobat JavaScript is disabled, Adobe Reader and Acrobat will prompt you to re-enable Acrobat JavaScript when a PDF containing JavaScript is opened. We recommend you choose No when prompted to keep Acrobat JavaScript disabled. If you choose Yes to enable Acrobat JavaScript when prompted, you will need to repeat the above steps to disable Acrobat JavaScript again once you finish working with the affected PDF.
More Technical Information:
Adobe Security Bulletin APSA09-01 - Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat
http://www.adobe.com/support/security/advisories/apsa09-01.html
US-CERT Vulnerability Note VU#905281 - Adobe Reader and Acrobat JBIG2 buffer overflow vulnerability
http://www.kb.cert.org/vuls/id/905281
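For administrators who need to check a PDF before anyone opens it, the following added example (not part of the original advisory, and not an Adobe or ISO tool) scans a file's raw bytes for the two features this alert concerns: Acrobat JavaScript and the JBIG2 filter named in VU#905281. The function names and the sample documents are constructed for illustration.

```python
import re
import sys

# PDF name tokens start with "/" and may hide characters as #xx hex escapes,
# e.g. /J#61vaScript is the same name as /JavaScript.
_NAME = re.compile(rb"/([^\x00\t\n\x0c\r /<>\[\](){}%]+)")
_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Names tied to this advisory: JavaScript actions and the JBIG2 stream filter.
WATCHED = ("JS", "JavaScript", "JBIG2Decode")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so obfuscated names compare equal to plain ones."""
    plain = _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count watched names in the uncompressed part of a PDF.

    Limitation: names stored inside compressed object streams are not seen,
    so a zero count does not prove that a file is safe to open.
    """
    counts = {name: 0 for name in WATCHED}
    for match in _NAME.finditer(data):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
    return counts


def needs_review(data: bytes) -> bool:
    """True when the file should be held for review instead of opened."""
    return not data.startswith(b"%PDF-") or any(triage_pdf(data).values())


# Constructed sample documents (not real files, no working payload).
SAMPLE_PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_FLAGGED = (
    b"%PDF-1.4\n1 0 obj\n<< /S /J#61vaScript /JS (constructed) >>\nendobj\n"
    b"2 0 obj\n<< /Filter /JBIG2Decode /Length 0 >>\nstream\n\nendstream\nendobj\n"
)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as handle:
            content = handle.read()
        print(path, triage_pdf(content), "HOLD" if needs_review(content) else "no hits")
```

Run it with one or more file paths as arguments. A hit is a reason to hold the file for review, not proof that the file is malicious.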
Contact:
Please direct any questions or comments to the Computing Services Help Center at x8-HELP (4357) or advisor@andrew.cmu.edu, or to your departmental administrator or DSP consultant.