Site icon The Mac Security Blog

Zero-Day Adobe Acrobat and Reader Attacks In the Wild

Adobe is investigating reports of a new zero-day attack against its Adobe Acrobat and Reader software that has been spotted in the wild. In a post on the Adobe security blog, the company says, “This afternoon, Adobe received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild.”

Adobe says little more about this vulnerability, but Shadowserver provides more information:

Several tests have confirmed this is a 0-day vulnerability affecting several versions of Adobe Acrobat [Reader] to include the most recent versions of 8.x and 9.x. We have not tested on 7.x, but it may also be vulnerable.

As to the cause of the vulnerability, Shadowserver tells us that they “have examined multiple different copies of malicious PDFs that exploit this issue,” and that “this vulnerability is actually in a JavaScript function within Adobe Acrobat [Reader] itself.”

For now, the safest way to deal with this is to simply deactivate Javascript. There are very few reasons to use Javascript in PDFs to begin with, and it is, as we have seen over time, one of the common vectors of attack, both to programs like Adobe Reader and to web browsers.

In Adobe Reader or Acrobat, choose Preferences > Javascript, then uncheck Enable Acrobat Javascript.

Share this: