Skip to Navigation | Skip to Content

Active exploits against Acrobat, PDF Reader (2/14/13)

« 1-14-2013: [UPDATE] Active Zero-Day Java Exploit | Main | Connect-Direct, February 2013 »

There are various reports from multiple trusted sources about an active exploit affecting Adobe Acrobat and Adobe Acrobat Reader. At this time there is no security patch available to protect against this attack, however, enabling "Protected Mode" or "Protected View" in Adobe Acrobat Reader X/XI and Acrobat X/XI may mitigate a compromise.

There are various reports from multiple trusted sources about an active exploit affecting Adobe Acrobat and Adobe Acrobat Reader. At this time there is no security patch available to protect against this attack, however, enabling "Protected Mode" or "Protected View" in Adobe Acrobat Reader X/XI and Acrobat X/XI may mitigate a compromise.

Note: These features are not available in older versions of Adobe Reader or Acrobat.

Affected Operating Systems:

  1. Windows XP
  2. Windows Vista
  3. Windows 7
  4. Windows 8


Adobe Acrobat Reader X / XI - Windows (free version):
While Reader X/Xi run in "Protected Mode" by default, you may wish to verify that the feature is enabled. To check the status, do the following:

Choose File > Properties > Advanced > Protected Mode

To turn on protected mode:

  1. Choose Edit > Preferences
  2. In the Categories list on the left, select General
  3. Select Enable Protected Mode at startup


Adobe Acrobat X / XI - Windows (paid version):
In the full paid version of Adobe Acrobat, "Protected View" is not enabled by default. For more information on how to enable "Protected View" in Acrobat X/XI see:

https://blogs.adobe.com/pdfitmatters/2011/06/protected-view-in-acrobat-x-version-10-1.html

Enabling "Protected View" may disable or break certain functionality so it is imperative you test this feature against your standard application usage and business processes.


Adobe Acrobat X / XI and Reader X / XI Updates:
Adobe Acrobat X/XI and Reader X/XI are set to check for security updates regularly. When prompted to install these security updates, you should click "Yes" and follow the on-screen instructions. In certain cases, a restart of your computer may be required.

To manually check for updates, do the following:

  1. Open the Adobe application
  2. Click on the Help option along the top menu bar
  3. Click on Check for updates now (or Updates)
  4. Follow the on-screen instructions.


If you need assistance with any of the aforementioned, contact your local Systems Administrator or the IT Service Desk, open 24x7x365. In New York, call 212-998-3333; in Abu Dhabi call 02-628-8888. For full contact information at all NYU global sites, see www.nyu.edu/its/askits/helpdesk

Sources:
[1] http://blog.fireeye.com/research/2013/02/in-turn-its-pdf-time.html
[2] https://www.adobe.com/support/security/advisories/apsa13-02.html
[3] https://blogs.adobe.com/pdfitmatters/2011/06/protected-view-in-acrobat-x-version-10-1.html
[4] https://krebsonsecurity.com/2012/11/experts-warn-of-zero-day-exploit-for-adobe-reader/