Critical Security Update: Adobe Reader and Acrobat, Feb. 12, 2008
WHAT HAPPENED:
Adobe has released Security Advisory APSA08-01 to address multiple vulnerabilities affecting Adobe Reader and Acrobat. The most severe of these vulnerabilities could allow a remote attacker to execute arbitrary code.
At least one of these vulnerabilities is being actively exploited.
For a complete description of the security enhancement, refer to Adobe’s Security Advisory APSA08-01 http://www.adobe.com/support/security/advisories/apsa08-01.html.
AFFECTED SOFTWARE:
*Adobe Reader version 8.1.1 and earlier
*Adobe Acrobat Professional, 3D and Standard versions 8.1.1 and earlier
WHAT YOU NEED TO DO TO PROTECT YOUR SYSTEM:
1. UPGRADE Adobe Reader or Acrobat to version 8.1.2
*Prior to taking any action, please contact your Computer Support Coordinator (CSC). S/He will be able to assist you in applying the update.
*If you do not have a CSC, updates may be obtained from Adobe’s Security Advisory APSA08-01 http://www.adobe.com/support/security/advisories/apsa08-01.html.
Preventing PDF documents from opening inside a web browser may mitigate this vulnerability. Applying the following workarounds in conjunction with upgrading may prevent similar vulnerabilities from being automatically exploited.
2. Disable web browser display for PDF Documents
3. Disable automatic opening of PDF documents in Microsoft Internet Explorer
4. Disable JavaScript in Adobe Reader and Acrobat
Refer to US-CERT Technical Cyber Security Alert TA08-043A http://www.us-cert.gov/cas/techalerts/TA08-043A.html for instructions on how to disable the web browser display of PDF documents, the automatic opening of PDF documents, and JavaScript.
ADDITIONAL INFORMATION:
Enterprise Information Security
http://security.ucsf.edu
US-CERT Technical Cyber Security Alert TA08-043A
http://www.us-cert.gov/cas/techalerts/TA08-043A.html
Customer Support
Office of Academic & Administrative Information Systems (OAAIS)
7 a.m. - 6 p.m., Mon – Fri
(415) 514-4100, option 2
CustomerSupport@ucsf.edu
