{"id":853,"date":"2012-05-16T01:47:34","date_gmt":"2012-05-16T01:47:34","guid":{"rendered":"http:\/\/localhost\/camcert-live\/?p=853"},"modified":"2012-05-16T01:47:34","modified_gmt":"2012-05-16T01:47:34","slug":"camsa12-05-adobe-reader-and-acrobat-security-updates-and-architectural-improvements","status":"publish","type":"post","link":"https:\/\/www.camcert.gov.kh\/en\/camsa12-05-adobe-reader-and-acrobat-security-updates-and-architectural-improvements\/","title":{"rendered":"CamSA12-05: Adobe Reader and Acrobat Security Updates and Architectural Improvements"},"content":{"rendered":"

I. Overview\u00a0<\/strong><\/p>\n

Adobe has released Security Bulletin\u00a0APSB12-08<\/a>, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat. As part of this update, Adobe Reader and Acrobat 9.x will use the system-wide Flash Player browser plug-in instead of the Authplay component. In addition, Reader and Acrobat now disable the rendering of 3D content by default.<\/p>\n

An attacker could exploit these vulnerabilities by convincing a user to open a specially crafted PDF file. This can happen automatically as the result of viewing a webpage.<\/p>\n

These vulnerabilities could allow a remote attacker to execute arbitrary code, write arbitrary files or folders to the file system, escalate local privileges, or cause a denial of service on an affected system as the result of a user opening a malicious PDF file.<\/p>\n

II. Effected System<\/strong><\/p>\n

– Adobe Reader
\n– Acrobat Security<\/p>\n

III. Patches<\/strong><\/p>\n

Adobe Security Bulletin\u00a0APSB12-08<\/a>\u00a0describes a number of vulnerabilities affecting Adobe Reader and Acrobat. These vulnerabilities affect Adobe Reader and Acrobat versions 9.x through 9.5, and Reader X and Acrobat X versions prior to 10.1.3.<\/p>\n

IV. Solutions<\/strong><\/p>\n

Update Reader<\/strong><\/p>\n

Adobe has released updates to address this issue. Users are encouraged to read Adobe Security Bulletin\u00a0APSB12-08<\/a>\u00a0and update vulnerable versions of Adobe Reader and Acrobat.<\/p>\n

In addition to updating, please consider the following mitigations.<\/em><\/strong><\/p>\n

Disable JavaScript in Adobe Reader and Acrobat<\/strong><\/p>\n

Disabling JavaScript may prevent some exploits from resulting in code execution. You can disable Acrobat JavaScript using the Preferences menu (Edit<\/tt>\u00a0->Preferences<\/tt>\u00a0->\u00a0JavaScript;<\/tt>\u00a0uncheck\u00a0Enable Acrobat JavaScript<\/tt>).<\/p>\n

Adobe provides a framework to\u00a0blacklist specific JavaScipt APIs<\/a>. If JavaScript must be enabled, this framework may be useful when specific APIs are known to be vulnerable or used in attacks.<\/p>\n

Prevent Internet Explorer from automatically opening PDF files<\/strong><\/p>\n

The installer for Adobe Reader and Acrobat configures Internet Explorer to automatically open PDF files without any user interaction. This behavior can be reverted to a safer option that prompts the user by importing the following as a .REG file:<\/p>\n

Windows Registry Editor Version 5.00<\/p>\n

[HKEY_CLASSES_ROOTAcroExch.Document.7]
\n\"EditFlags\"=hex:00,00,00,00<\/tt><\/p>\n

Disable the display of PDF files in the web browser<\/strong><\/p>\n

Preventing PDF files from opening inside a web browser will partially mitigate this vulnerability. Applying this workaround may also mitigate future vulnerabilities.<\/p>\n

To prevent PDF files from automatically being opened in a web browser, do the following:<\/p>\n

1. Open Adobe Acrobat Reader.
\n2. Open the\u00a0Edit<\/tt>\u00a0menu.
\n3. Choose the\u00a0Preferences<\/tt>\u00a0option.
\n4. Choose the\u00a0Internet<\/tt>\u00a0section.
\n5. Uncheck the “Display PDF in browser<\/tt>” checkbox.<\/p>\n

Do not access PDF files from untrusted sources<\/strong><\/p>\n

Do not open unfamiliar or unexpected PDF files, particularly those hosted on websites or delivered as email attachments.<\/p>\n

V. Contact Information<\/strong><\/p>\n

– Email: office@camcert.gov.kh<\/p>\n

– Tel: (855) 92 335 536 – (855) 16 888 209<\/p>\n

[message_box title=”Disclaimer” color=”yellow”]<\/p>\n

The information provided herein is on “as is” basis, without warranty of any kind.<\/p>\n

[\/message_box] <\/p>\n"},"excerpt":{"rendered":"

I. Overview\u00a0 Adobe has released Security Bulletin\u00a0APSB12-08, which describes multiple vulnerabilities affecting Adobe Reader and Acrobat. As part of this update, Adobe Reader and Acrobat 9.x will use the system-wide Flash Player browser plug-in instead of the Authplay component. In addition, Reader and Acrobat now disable the rendering of 3D content by default. An attacker […]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[13,9],"tags":[14,37],"class_list":["post-853","post","type-post","status-publish","format-standard","hentry","category-13","category-security-alert","tag-adobe","tag-security"],"_links":{"self":[{"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/posts\/853","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/comments?post=853"}],"version-history":[{"count":0,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/posts\/853\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/media?parent=853"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/categories?post=853"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.camcert.gov.kh\/en\/wp-json\/wp\/v2\/tags?post=853"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}