US-CERT Alert TA12-101B -- Adobe Reader and Acrobat Security Updates and Architectural Improvements

 

                    National Cyber Awareness System

 

              Technical Cyber Security Alert TA12-101B

 

 

Adobe Reader and Acrobat Security Updates and Architectural Improvements

 

   Original release date: April 10, 2012

   Last revised: --

   Source: US-CERT

 

 

Systems Affected

 

  * Adobe Reader X (10.1.2) and earlier 10.x versions for Windows and Macintosh

  * Adobe Reader 9.5 and earlier 9.x versions for Windows, Macintosh, and UNIX

  * Adobe Acrobat X (10.1.2) and earlier 10.x versions for Windows and Macintosh

  * Adobe Acrobat 9.5 and earlier 9.x versions for Windows and Macintosh

 

 

Overview

 

   Adobe has released Security Bulletin APSB12-08, which describes

   multiple vulnerabilities affecting Adobe Reader and Acrobat. As

   part of this update, Adobe Reader and Acrobat 9.x will use the

   system-wide Flash Player browser plug-in instead of the Authplay

   component. In addition, Reader and Acrobat now disable the

   rendering of 3D content by default.

 

 

Description

 

   Adobe Security Bulletin APSB12-08 describes a number of

   vulnerabilities affecting Adobe Reader and Acrobat. These

   vulnerabilities affect Adobe Reader and Acrobat versions 9.x

   through 9.5, and Reader X and Acrobat X versions prior to 10.1.3.

 

   The Adobe ASSET blog provides additional details on new security

   architecture changes to Adobe Reader and Acrobat. Adobe Reader and

   Acrobat 9.5.1 will use the Adobe Flash Player plug-in version

   installed on the users system rather than the Authplay component

   that ships with Adobe Reader and Acrobat. This change helps limit

   the number of out-of-date, vulnerable Flash runtimes available to

   an attacker. Adobe Reader and Acrobat 9.5.1 also now disable

   rendering of 3D content by default because the 3D rendering

   components have a history of vulnerabilities.

 

   US-CERT recommends that Flash users upgrade to the latest version

   of Adobe Flash Player and turn on automatic updates.

 

   An attacker could exploit these vulnerabilities by convincing a

   user to open a specially crafted PDF file. This can happen

   automatically as the result of viewing a webpage.

 

 

Impact

 

   These vulnerabilities could allow a remote attacker to execute

   arbitrary code, write arbitrary files or folders to the file

   system, escalate local privileges, or cause a denial of service on

   an affected system as the result of a user opening a malicious PDF

   file.

 

 

Solution

 

   Update Reader

 

   Adobe has released updates to address this issue. Users are

   encouraged to read Adobe Security Bulletin APSB12-08 and update

   vulnerable versions of Adobe Reader and Acrobat.

 

   In addition to updating, please consider the following mitigations.

 

   Disable JavaScript in Adobe Reader and Acrobat

 

   Disabling JavaScript may prevent some exploits from resulting in

   code execution. You can disable Acrobat JavaScript using the

   Preferences menu (Edit -> Preferences -> JavaScript; uncheck Enable

   Acrobat JavaScript).

 

   Adobe provides a framework to blacklist specific JavaScipt APIs. If

   JavaScript must be enabled, this framework may be useful when

   specific APIs are known to be vulnerable or used in attacks.

 

   Prevent Internet Explorer from automatically opening PDF files

 

   The installer for Adobe Reader and Acrobat configures Internet

   Explorer to automatically open PDF files without any user

   interaction. This behavior can be reverted to a safer option that

   prompts the user by importing the following as a .REG file:

 

   Windows Registry Editor Version 5.00

 

   [HKEY_CLASSES_ROOT\AcroExch.Document.7]

   "EditFlags"=hex:00,00,00,00

 

   Disable the display of PDF files in the web browser

 

   Preventing PDF files from opening inside a web browser will

   partially mitigate this vulnerability. Applying this workaround may

   also mitigate future vulnerabilities.

 

   To prevent PDF files from automatically being opened in a web

   browser, do the following:

 

   1. Open Adobe Acrobat Reader.

   2. Open the Edit menu.

   3. Choose the Preferences option.

   4. Choose the Internet section.

   5. Uncheck the "Display PDF in browser" checkbox.

 

   Do not access PDF files from untrusted sources

 

   Do not open unfamiliar or unexpected PDF files, particularly those

   hosted on websites or delivered as email attachments. Please see

   Cyber Security Tip ST04-010.

 

 

References

 

 * Security update available for Adobe Reader and Acrobat -

   <https://www.adobe.com/support/security/bulletins/apsb11-30.html>