PDF attacks (continued)
Adobe PDF reader remains unpatched against the PDF exploits going around. At ZDNet, Ryan Naraine takes Adobe to task:
After more than two weeks (months?) of inexplicable silence on mitigations for a known code execution vulnerability in its Reader and Acrobat product lines, Adobe has finally posted public information on the problem but the company’s response falls well short of providing definitive mitigation guidance for end users.
Adobe’s response simply confirms what we already know and reiterates that turning off JavaScript will NOT eliminate the risk entirely. However, the company does not offer any definitive suggestions or workarounds, instead pointing to a list of anti-malware vendors blocking known attacks.
Note that disabling JavaScript can mitigate, but does not prevent, PDF exploits. Naraine continues:
According to this Secunia’s Carsten Eiram, his company managed to create a reliable, fully working exploit which does not use JavaScript and can therefore successfully compromise users, who may think they are safe because JavaScript support has been disabled.
All users of Adobe Reader/Acrobat should therefore show extreme caution when deciding which PDF files to open regardless of whether they have disabled JavaScript support or not.
Did you enjoy this post? Why not leave a comment below and continue the conversation, or subscribe to my feed and get articles like this delivered automatically to your feed reader.
Comments
No comments yet.
Sorry, the comment form is closed at this time.