Adobe Advises Users to Enable Protect View Until Reader Zero-Day Is Fixed

Written by lakkireddymadhu

IT’S PDF TIME:

We heard and read IE, Java, and Flash zero-days in a row in the past several months, and now it’s PDF’s turn. Security experts identified that a PDF zero-day is being exploited in the wild, and observed successful exploitation on the latest Adobe PDF Reader 9.5.3, 10.1.5, and 11.0.1.

Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the call back component, which talks to a remote domain.

adobe-acrobat-logo

Adobe said there are two vulnerabilities (CVE-2013-0640 and CVE-2013-0641) affecting Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier) and 9.5.3 and earlier for Windows and Mac OS X systems. Active exploits are using malicious PDFs attached to phishing messages purporting to be a travel visa application called Visa form Turkey.pdf.

Adobe said it is working on an emergency patch for the popular document reader. In the meantime, it urges users to enable the product’s Protected View feature, which is off by default.

Protected View was introduced into Acrobat in version 10.1 and Reader in 11.0 for Windows; it is a read-only mode that blocks executable files until the user decides the document is trustworthy.

Protected View (Windows only)

Protected View provides an additional level of security. When Protected View in enabled, PDFs are displayed in a restricted environment called a sandbox. This isolation of the PDFs reduces the risk of security breaches in areas outside the sandbox. Adobe strongly recommends that you use Acrobat in Protected View if you are concerned about security, or if you frequently interact with PDFs on the Internet.

When Protected View is enabled, only basic navigation is allowed. For example, 
you can open PDFs, scroll through pages, and click links. 
You can enable Protected View in a PDF that you view in either stand-alone Acrobat or in a web browser.

protected_view_popup

If you trust the PDF and where it came from, click Enable All Features. The PDF is added to your list of privileged locations and is trusted from then on.

Enable Protected View

Unlike Protected Mode in Reader, Protected View in Acrobat is off by default.

  1. Choose Edit > Preferences.
  2. From the categories on the left, select Security (Enhanced).
  3. Select the Enable Enhanced Security option.
 You can find out whether a PDF opened in a browser is in Protected View. 
Right-click the document in the browser and choose Document Properties. 
Click the Advanced tab. When Protected View is enabled, the status says Protected Mode: On.

Besides this option, users could install alternative readers, such as FoxitPDF-Xchange ViewerSumatra and Nitro among others.

source: Adobe, fireeye, zednet, pcadvisor

4 thoughts on “Adobe Advises Users to Enable Protect View Until Reader Zero-Day Is Fixed

  1. My brother suggested I might like this website. He was
    once totally right. This publish actually made my day.
    You can not imagine just how a lot time I had spent for this information!
    Thanks!

    Reply

  2. Hello excellent website! Does running a blog such
    as this take a lot of work? I have absolutely no understanding
    of programming however I was hoping to start my own blog in the near future.
    Anyway, should you have any suggestions or techniques for new blog owners please share.

    I know this is off subject however I simply needed to ask.
    Thank you!

    Reply

Leave a Reply

Fill in your details below or click an icon to log in:

Gravatar
WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Cancel

Connecting to %s