
February 20, 2009

Important Security Alert For Adobe Reader and Acrobat

Security vulnerability identified in Adobe Reader and Adobe Acrobat version 9 and earlier.

Adobe announced a security vulnerability on February 19th for Adobe Reader and Adobe Acrobat version 9.0 and earlier. Because of the widespread use of Adobe Reader and Acrobat, we wanted to let campus IT staff know of this issue.

The security alert states that all platforms are vulnerable. The attack occurs when a malicious PDF is opened. This seems to be the result of a buffer overflow in the JavaScript engine. Disabling JavaScript inside Adobe Reader and Acrobat is an effective precaution. A patch is expected by March 11. The best thing you can do until then is to be careful when opening PDF files. Mac users should use Preview in lieu of Adobe Reader. Adobe is working with anti-virus vendors to develop a signature to help mitigate this, and DoIT will deploy it as soon as it becomes available.

http://www.adobe.com/support/security/advisories/apsa09-01.html

Once Adobe releases a patch, we will let you know and encourage updates. If we notice this becoming an active vector on campus, we will let you know as well and work to communicate it to the campus.
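For staff who want to check a PDF before opening it, the following is an added example, not part of the original notice or of any Adobe or DoIT tooling: it counts the PDF name tokens that mark embedded JavaScript or an automatic action. The function names and both sample byte strings are constructed for illustration, and the check only sees uncompressed objects.

```python
import re

# PDF name tokens that mark embedded script or an action run on open.
SUSPECT_NAMES = ("JS", "JavaScript", "OpenAction", "AA")

def decode_pdf_name(raw: bytes) -> str:
    """Undo the #xx hex escapes PDF permits inside names (/J#61vaScript)."""
    return re.sub(rb"#([0-9A-Fa-f]{2})",
                  lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")

def script_indicators(data: bytes) -> dict:
    """Count suspect name tokens in raw PDF bytes.

    Limitation: names inside compressed object streams or encrypted
    documents are not visible here, so a zero count is not proof of safety.
    """
    counts = {name: 0 for name in SUSPECT_NAMES}
    # A name is '/' followed by characters up to whitespace or a delimiter.
    for m in re.finditer(rb"/([^\s\x00/()<>\[\]{}%]+)", data):
        name = decode_pdf_name(m.group(1))
        if name in counts:
            counts[name] += 1
    return counts

def needs_review(data: bytes) -> bool:
    """True when the file declares JavaScript and should not be opened as-is."""
    c = script_indicators(data)
    return c["JS"] > 0 or c["JavaScript"] > 0

# Constructed samples: a plain catalog, and one declaring a script action
# with a hex-escaped name and a placeholder (non-functional) script body.
CLEAN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SCRIPTED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /S /J#61vaScript /JS (constructed placeholder) >>\nendobj\n")

if __name__ == "__main__":
    for label, sample in (("clean", CLEAN), ("scripted", SCRIPTED)):
        print(label, script_indicators(sample), "review:", needs_review(sample))
```

A file flagged by `needs_review` is a candidate for opening in a reader without JavaScript support or with JavaScript disabled, as described above.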



Comments (1)

According to an article in Computerworld:


  • Adobe Reader 9 will be patched before versions 7 or 8.

  • Reader 9 may not be patched before 3/11.

  • The attack vector can be shut down by disabling JavaScript in Adobe Reader.


PDF readers that don't support JavaScript, e.g., Evince and probably KPDF, are not vulnerable. The article has instructions for disabling JavaScript in the Adobe product.
