Another Day, Another Adobe Security Hole

There's a new attack on Adobe Reader and Acrobat, and for now, there's no protection against it for Windows, Linux or Mac OS X.


Poor Adobe, they're just not doing well with security lately. No sooner do they patch a bunch of serious Adobe Flash Player security bugs than another zero-day exploit is unveiled. This time Adobe Reader and Acrobat are the targets, and regardless of whether you're running Linux, Mac OS X, or Windows, you're vulnerable.


What makes this even worse is that, like Flash, almost everyone uses Adobe Reader to read PDF (Portable Document Format) files. So, in short, almost everyone could be tripped up by this security hole.

Symantec staffer Joji Hamada uncovered this newest Adobe bug just in time for the holidays. Hamada reported that "We received a tip from a source that there is a possible Adobe Reader and Acrobat 0-day vulnerability in the wild. We have indeed confirmed the existence of a 0-day vulnerability in these products."

The bug can get at you if you open a specially-crafted PDF file. Like so many other bugs of this kind, the most likely way it has of getting at you is through an e-mail attachment. If you open an infected PDF, the attacker can use the Adobe products to try to dump malware on your computer.

As you would expect, this attack is currently being used against Windows systems, but it potentially could be used against Macs and Linux desktops as well. Hamada wrote that "When the file is opened, a malicious file is dropped and run on a fully patched system with either Adobe Reader or Acrobat installed. Symantec products detect the file as Trojan.Pidief.H."

As such things go, this is a relatively harmless Windows Trojan horse program. Its main job is to pave the way for other, more dangerous, malware to arrive on your Windows PC.

Adobe has acknowledged the problem. The company is "currently investigating this issue and assessing the risk to our customers. We will provide an update as soon as we have more information."

So what should you do in the meantime? Shadowserver claims that the problem is really in how Reader and Acrobat handle JavaScript. So, their recommended quick fix is to turn JavaScript off with "Click: Edit -> Preferences -> JavaScript and uncheck Enable Acrobat JavaScript". Since I can't think of many reasons why you'd want JavaScript running in Reader, I'd just keep the setting that way for keeps.

Finally, you can do what you should always do with any e-mail that comes with an unexpected attachment, such as those almost always bogus Hallmark e-cards: Don't Open It.
