Critical Vulnerabilities in Adobe Reader and Acrobat
Adobe has released Security advisory APSB09-15, which describes numerous vulnerabilities affecting Adobe Reader and Acrobat.
An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. The Adobe Reader browser plug-in, which is available for multiple web browsers and operating systems, can automatically open PDF documents hosted on a website.
These vulnerabilities may allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system as the result of a user opening a malicious PDF document.
This vulnerability is being actively exploited.
For a complete description of the vulnerabilities and affected software, refer to Adobe Security Bulletins: APSB09-15.
AFFECTED SYSTEMS:
- Adobe Reader and Acrobat 9.1.3 and earlier 9.x versions
- Adobe Reader and Acrobat 8.1.6 and earlier 8.x versions
- Adobe Reader and Acrobat 7.1.3 and earlier 7.x versions
WHAT YOU NEED TO DO TO PROTECT YOUR SYSTEM:
1. Do NOT take action if you have a Computer Support Coordinator (CSC); they will apply the update for you or assist in instructing you.
2. If you do not have a CSC:
- Update your software
  Refer to Adobe Security Bulletins: APSB09-15 for how to obtain the latest updates for your specific software.
- US-CERT and Adobe recommend the following to help mitigate these vulnerabilities:
  - Disable JavaScript in Adobe Reader and Acrobat*
  - Prevent Internet Explorer from automatically opening PDF documents*
  - Disable the display of PDF documents in the web browser*
  - Do not access PDF documents from untrusted sources
  *Refer to US-CERT Cyber Security Alert TA09-286B for instructions.
ADDITIONAL INFORMATION:
- US-CERT Cyber Security Alert TA09-286B (Technical Alert)
If you have questions about any of the information provided above, you may send email inquiries to security@ucsf.edu.
Teresa A. Regalia, GCIH
UCSF Enterprise Information Security
Telephone: 415-502-1567
Teresa.Regalia@ucsf.edu
OAAIS Customer Support Service Desk
7 a.m. - 6 p.m., Mon – Fri
(415) 514-4100, Option 2
customersupport@ucsf.edu
help.ucsf.edu
