UCSF home page UCSF home About UCSF Search UCSF UCSF Medical Center

image of letter Email

blank Access mail@ucsf
blank Update spam filter
blank Reset password

image of lock VPN

blank Login to vpn@ucsf
blank VPN Help

image of phone Help

blank Login to help@ucsf
blank email us
blank Call (415) 514-4100,
blank Option 2




Advanced Search
Recent Changes

Critical Vulnerabilities in Adobe Reader and Acrobat

Adobe has released Security advisory APSB09-15, which describes numerous vulnerabilities affecting Adobe Reader and Acrobat.

An attacker could exploit this vulnerability by convincing a user to open a specially crafted PDF file. The Adobe Reader browser plug-in is available for multiple web browsers and operating systems, which can automatically open PDF documents hosted on a Web site.

These vulnerabilities may allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system as the result of a user opening a malicious PDF document.

This vulnerability is being actively exploited.

For a complete description of the vulnerabilities and affected software, refer to  Adobe Security Bulletins: APSB09-15.

AFFECTED SYSTEMS:

WHAT YOU NEED TO DO TO PROTECT YOUR SYSTEM:

1. Do NOT take action if you have a Computer Support Coordinator (CSC); they will apply the update for you or assist in instructing you.

2. If you do not have a CSC:

Refer to Adobe Security Bulletins: APSB09-15 on how to obtain the latest updates for your specific software.

­ Disable JavaScript in Adobe Reader and Acrobat*

­ Prevent Internet Explorer from automatically opening PDF documents*

­ Disable the display of PDF documents in the web browser*

­ Do not access PDF documents from untrusted sources

*Refer to US-CERT Cyber Security Alert TA09-286B for instructions.

ADDITIONAL INFORMATION:

If you have questions about any of the information provided above, you may send email inquiries to security@ucsf.edu.

Teresa A. Regalia, GCIH
UCSF Enterprise Information Security
Telephone: 415-502-1567
Teresa.Regalia@ucsf.edu

OAAIS Customer Support Service Desk
7 a.m. - 6 p.m., Mon – Fri
(415) 514-4100, Option 2
customersupport@ucsf.edu
help.ucsf.edu

Please tell us what you think of our website