How to mitigate Adobe PDF malware attacks

Dave Kennedy and Kevin Long from Verizon’s security team are offering some of the best advice I’ve seen regarding the ongoing attacks against an unpatched Adobe Acrobat/PDF vulnerability.

I’ve complained bitterly about the lack of mitigation guidance from Adobe and I’m happy to see the Verizon researchers filling in the blanks and offering suggestions to reduce your exposure to these attacks.

From the Verizon blog post:

Mitigations (none are 100% effective, but all contribute to defensive protection):

* Disable JavaScript in Adobe Acrobat and Reader. This stops the known attacks, but does not eliminate the underlying vulnerability in JBIG2 handling. Disabling JavaScript is also effective against other PDF vulnerabilities. If JavaScript is not business-essential, consider disabling it using GPO or other enterprise-wide techniques.

* Anti-virus vendors are updating to detect malicious PDF using the new vulnerability. Some AV were preventing exploitation of this vulnerability since last summer. While AV detection is not perfect, it’s ironic to note eWeek’s blogger is making the most noise about it. Desktop, e-mail gateway and web content AV all participate in effective defense.

* IDS and IPS signatures are available.

* Disable automatic rendering of PDFs in the browser to allow the user time to decide whether to launch a file or not.

* Disable rendering of PDFs in the browser at all. This is another measure forcing the writing of a downloaded PDF to disk before it’s opened thereby giving AV a better chance to detect and block an attack.

* Encourage users to be cautious about PDFs from unknown sources or unsolicited PDFs from anyone.

* Use an alternative PDF handler.
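
A triage check to support the JavaScript and AV mitigations listed above, as an added example that is not from the Verizon post or this article: it counts JavaScript, JBIG2 and automatic-action names in raw PDF bytes and normalizes `#xx` name escapes before matching. The function names, flag strings and sample bytes are constructed for illustration.

```python
import re
import sys

# A PDF name may hide any character as a #xx hex escape,
# so /J#61vaScript is the same name as /JavaScript.
NAME = re.compile(rb"/((?:[A-Za-z0-9_.\-]|#[0-9A-Fa-f]{2})+)")
ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
WATCHED = ("JS", "JavaScript", "JBIG2Decode", "OpenAction", "AA")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes in a raw PDF name token."""
    return ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def triage_pdf(data: bytes) -> dict:
    """Count watched names in raw PDF bytes and derive triage flags."""
    counts = dict.fromkeys(WATCHED, 0)
    obfuscated = 0
    for match in NAME.finditer(data):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
            obfuscated += b"#" in match.group(1)  # escaped spelling of a watched name
    has_js = bool(counts["JS"] or counts["JavaScript"])
    flags = []
    if has_js:
        flags.append("javascript")
    if has_js and counts["JBIG2Decode"]:
        flags.append("javascript+jbig2")
    if has_js and (counts["OpenAction"] or counts["AA"]):
        flags.append("auto-action")
    if obfuscated:
        flags.append("obfuscated-name")
    return {"counts": counts, "obfuscated": obfuscated, "flags": flags}


# Constructed samples: name tokens only, no script and no image data.
BENIGN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SCRIPTED = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS 5 0 R >>\nendobj\n"
    b"4 0 obj\n<< /Filter /JBIG2Decode /Length 0 >>\nstream\nendstream\nendobj\n"
)

if __name__ == "__main__":
    for path in sys.argv[1:]:
        with open(path, "rb") as handle:
            print(path, triage_pdf(handle.read())["flags"])
```

Names stored inside compressed object streams are not visible to a raw byte scan, so an empty flag list does not prove a file is free of JavaScript. The counts are most useful for inventorying which internal PDFs actually rely on JavaScript before disabling it enterprise-wide.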

Also see:

Adobe under fire for poor security response

Adobe PDF exploit code analysis

Discussion

  • Darr247 on

    "Disable rendering of PDFs in the browser at all."

    That's the first thing I do every time I install their reader.

  • MMoyer on

    Disabling JavaScript "using GPO" link is down.

    Object not found!

    Please fix.

  • Anonymous Mr.Blanker 78 on

    hi my name is mr.Blank,my life is jakarta in indonesia?

    how u can sample in book exploit small?

    how can sample exploit code xxx new today?2010 u can??????

    please help me ????ok

    goodbye my friend
