Adobe Acrobat bug more dangerous than originally thought

by Lee Mathews (RSS feed) Mar 5th 2009 at 6:40PM

The Adobe Acrobat vulnerability that was reported here back on February 20th remains unpatched, and it now appears that the risk the bug presents is even greater than originally thought.

Because of the way Adobe integrates into Windows explorer - to provide metadata information about PDF files - there is a chance that your system could become infected without ever opening a single file. Since the bug's code can be placed within a file's metadata, any action that calls that data could set things in motion. That includes something as simple as hovering your mouse over the file icon, according to Obsessable's Stephen Schenck.

In the original post, I suggested using an alternative application to read files, but that won't fully address the vulnerability. To be completely safe, you'll have to remove Adobe Reader (and presumably, Acrobat as well) from your system for the time being and reinstall it once Adobe has developed a patch.

[ via Obsessable ]

Tags: adobe-reader, bug, danger, error, vulnerability

Reader Comments (Page 1 of 1)

Sam said 6:53PM on 3-05-2009

does it also make your acrobat change to Spanish?

Duncan said 7:29PM on 3-05-2009

Use Foxit reader instead, its faster and generally less of a resource hog anyway.

Hamman Samuel said 3:51AM on 3-06-2009

Totally agree, Foxit is my choice from all the PDF viewers out there.

The Gnome said 7:40PM on 3-05-2009

Go Foxit Reader

gt-racer said 8:07PM on 3-05-2009

does the uninstall include air and flash player?

von Blogger said 9:43PM on 3-05-2009

Maybe this is a dumb question, but would Norton 360 (or similar antivirus software) help with this Acrobat problem? Thanks for feedback.

LMM said 1:33AM on 3-06-2009

My educated guess is no. The Acrobat bug is an exploit, meaning it triggers a problem within Acrobat's coding that creates a whole separate problem. Typically an exploit is used to cause the program being exploited to either harm the machine by deleting files, tell the machine to read some info and send it somewhere (like passwords), or tell the machine to download and execute a virus. So in other words, any sort of virus would happen AFTER the bug was exploited, not before.

Long story short: the answer to your question is no. But then again I'm not an expert and I didn't read the security brief on this particular bug.

LMM said 1:38AM on 3-06-2009

Sorry to double-post, but I read the security briefing on this bug real quick out of curiosity. It's pretty vague, but it says Adobe's working with anti-virus companies to get this sorted out. In other words, the anti-virus people are either working on or have already distributed updated virus definitions to avoid this, but since that's not explicitly stated anywhere, they also may not have been able to do anything yet.

Long story short: There is no definite answer to your question. Disable Adobe Acrobat and Reader until they put out a bug fix just to be safe.

Brian said 11:15PM on 3-05-2009

The developers of Foxit have confirmed that this doesn't affect their software. Good thing I use it! :)

JJ said 3:44AM on 3-06-2009

I use Foxit Reader but for PDF creation and editing, I use Adobe Acrobat.

With this exploit, I don't know any other good PDF editor/creator I can use in place of Acrobat.

Edgardo said 8:45AM on 3-06-2009

Does anyone know if Nitro PDF Pro is affected?

rush0 said 8:50AM on 3-06-2009

How is meta data secured in other programs?

palmerc said 10:52AM on 3-06-2009

Use Apple Preview and you will be fine.

Cheers

The Captain

Lee Mathews said 10:23AM on 3-06-2009

As stated in the post, you have to get Acrobat completely off your system.

It's not enough to leave Acrobat installed and use a different app to open files since the bug can be triggered without opening a file. Shell integration, FTL.

Not sure if this part of the bug affects Mac, but it's best to play it safe.

CaptainCol said 11:01AM on 3-06-2009

Sorry Lee read your own posts and the subsequent links and you will see this is fine.

Racetrack_Owner said 4:24PM on 3-06-2009

To be fair, you'd first have to actually download an infected PDF to your local machine, and it doesn't appear that this crucial step has been automated in any fashion. It's bad (which I'd have said about Acrobat anyway) but its viability as a "useful" exploit is questionable at best. Basically... if you can get somebody to download a malicious attachment or file, there are probably easier ways to infect their machine than this.

Featured Time Waster

Graveyard Shift - zombie-busting Time Waster

With Halloween fast approaching, it's a great time to get in some practice defending your territory against zombies. In Graveyard Shift, you take aim at zombies and other creepy-crawlies, blasting them into splatters of cartoony green guts. It's a casual first-person shooter, and it's very easy to get the hang of - use the mouse to aim, click to fire. Graveyard Shift has at least 15 levels, and it might even have some secret stages I haven't unlocked yet. They key to getting good at Graveyard Shift is learning to use ...

View more Time Wasters

Featured Galleries

Defective by Design, London: Protest Pictures

Download Squad at the Crunchies After-Party

Android First-look: Amazon.com MP3 Store

Latest Jobs from Download Squad Jobs

Post a Job

Flickr Pool

www.flickr.com

Download Squad bloggers (30 days)

#	Blogger	Posts	Cmts
1	Jay Hathaway	111	5
2	Lee Mathews	77	34
3	Sebastian Anthony	49	159
4	Brad Linder	38	7
5	Jason Clarke	32	0
6	Grant Robertson	8	10
7	Victor Agreda, Jr.	7	1
8	Dolores Parker	7	2
9	Nik Fletcher	4	0
10	Matt Heerema	3	3
11	Paul O'Brien	2	0
12	John Burke	1	0
13	Download Squad Staff	1	0

More Tech Coverage

Control Shift It's all about the experience
Somewhat Frank Perspectives on tech as it fuses in everyday life
Switched Gadgets, web news and commentary
Urlesque Exposing bits of the web

Related Articles From Download Squad