LINKS
INSTRUCTION
STRINGS
ACCESSORIES
MUSIC
 The Steel Guitar Forum Store 
Our Online Store
b0b's Steel Links

The Steel Guitar Forum

Help Search Join Private Messages Log in


Post new topic New Adobe Reader and Acrobat patch coming on Apr 13, 2010
Reply to topic
Forum Index > Computers Next oldest topic :: Next newest topic
Author Topic:  New Adobe Reader and Acrobat patch coming on Apr 13, 2010
Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 8 Apr 2010 10:46 pm    
Reply with quote
I just wrote a blog article detailing a new critical vulnerability discovered in Adobe Reader and Acrobat, for which a patch is going to be released on Tuesday, April 13, 2010. The vulnerability allows a PDF document to launch embedded executables, or a browser with a malware URL destination, after obtaining the permission of the user. The author is able to display any message they choose to the victim, using social engineering tricks to fool recipients into launching the embedded malware or going to the attack website.

My article shows how to disable the functions that allow this attack vector to succeed, along with two other vectors. If you have Adobe Reader or Acrobat and use it at all, this article and the patch to be released are of critical importance to you. It also shows you how to enable automatic updating of Reader.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
View user's profile Send private message Send e-mail Visit poster's website
Wiz Feinberg


From:
Mid-Michigan, USA
Post  Posted 11 Apr 2010 7:53 am     Doh! Now what?
Reply with quote
I'm tryin ta think but nuthin happens!

It appears, after reading another security article, that Adobe is not necessarily going to address the vulnerability I exposed in my blog post, referred to in my original post. While they are releasing patches for various "unspecified" vulnerabilities, the one exploiting the built-in "/Launch" feature may fall through the cracks. Apparently, many companies rely upon this feature, as well as the Adobe implementation of JavaScript, to manage PDF documents they distribute to their employees and managers.

Therefore, since it appears Adobe won't be altering the default behavior for launching or opening embedded executables in external applications, you need to do so yourselves. Open Adobe Reader, click on Edit, then go down to Preferences and click on it. When the Preferences window opens look for the left sidebar option labeled "Trust Manager" and click on it. When the Trust Manager options load, uncheck the top option labeled: "Allow opening of non-PDF file attachments with external applications." Click OK to save and exit the Preferences, or set other preferences, save and exit.

Make it a point to open your PDF reader and check for updates once a month, on the second Tuesday of each month. Adobe now times its patches to coincide with Microsoft's Patch Tuesdays.
_________________
"Wiz" Feinberg, Moderator SGF Computers Forum
Security Consultant
Twitter: @Wizcrafts
Main web pages: Wiztunes Steel Guitar website | Wiz's Security Blog | My Webmaster Services | Wiz's Security Blog
View user's profile Send private message Send e-mail Visit poster's website
Forum Index > Computers Next oldest topic :: Next newest topic
  Reply to topic

All times are GMT - 8 Hours
Jump to:  

Our Online Catalog
Strings, CDs, instruction,
steel guitars & accessories
www.SteelGuitarShopper.com
Please review our Forum Rules and Policies

Steel Guitar Forum LLC
PO Box 237
Mount Horeb, WI 53572 USA


Click Here to Send a Donation

Email admin@steelguitarforum.com for technical support.

Powered by phpBB © 2001, 2005 phpBB Group
BIAB Styles
Ray Price Shuffles for
Band-in-a-Box
by Jim Baron
HTTP