Adobe recently used its security blog to announce a newly discovered threat targeting the PDF format and Reader software. Users running Mac, Windows and UNIX platforms are at risk from an exploit which could be used to insert a Trojan known as ‘Troj_Pidief.Uo’. This malware creates a backdoor into your system through which complete control can be taken.
The Trojan itself is transmitted through an infected PDF file with an embedded JavaScript agent. At the time Adobe suggested that turning off Java would reduce the risk of infection, although there was no confirmation that this temporary solution would work in all scenarios. The potential for the creation of a similar Trojan which does not require the Java element was also highlighted, which would render simply turning off Java entirely ineffective. Users of Windows Vista with Data Execution Prevention (DEP) activated are automatically protected from infection. The malware affects all versions of Acrobat up to and including 9.1.3.
The first attacks on unprotected computers were confirmed in Taiwan by a security task force and Adobe thanked the group in their initial blog post. The initial attacks were aimed at specific targets, but the bug could be used to impact the wider online community.
At a recent conference Adobe’s chief technical officer was positive in the face of ever increasing attacks on Adobe’s formats. Kevin Lynch explained that although security risks were more common for both Reader and Flash, a dedicated security task force is working to fix vulnerabilities as and when they appear. This has enabled Adobe to reduce the elapsed time between a bug being identified and a critical fix being issued to 14 days or less.
Adobe also works in tandem with anti-virus software providers in order to quickly protect its customers from any bugs. It is this kind of interdisciplinary co-operation that is necessary to tackle the persistent, damaging threat of malware. In the case of this recent exploit Adobe has already issued a remedy included in the Reader security update, released on the 13th October. As such all PDF and Reader users are now being urged to install the update as soon as possible, as well as to keep their anti-virus software up to date.
