Jun 9, 2010

GOVT WARNING: Adobe Reader targeted by hackers

                    National Cyber Alert System  Cyber Security Alert SA10-159A
Adobe Flash, Reader, and Acrobat Vulnerability    Original release date: June 08, 2010

Systems Affected
     * Adobe Flash Player
     * Adobe Reader and Acrobat
     Other Adobe products that support Flash may also be vulnerable.
   There is a vulnerability in Flash Player that also affects Adobe  Reader and Acrobat. An attacker could exploit this vulnerability to   take control of your computer.
 Disable Flash in your web browser

   Uninstall Flash or restrict which sites are allowed to run Flash.    To the extent possible, only run trusted Flash content on trusted  domains. For more information, see Securing Your Web Browser.   Disable JavaScript in Adobe Reader and Acrobat

   Disabling JavaScript may prevent some exploits. To disable  JavaScript in Acrobat, do the following:

   1. Open Adobe Acrobat Reader.
   2. Open the Edit menu.
   3. Choose the Preferences option.
   4. Choose the JavaScript section.
   5. Uncheck the "Enable Acrobat JavaScript" checkbox.

 Disable the display of PDF documents in the web browser

   Preventing PDF documents from opening inside a web browser will    partially protect you against this vulnerability. Applying this  workaround may also protect you against future vulnerabilities.

   To prevent PDF documents from automatically being opened in a web  browser, do the following:

   1. Open Adobe Acrobat Reader.
   2. Open the Edit menu.
   3. Choose the Preferences option.
   4. Choose the Internet section.
   5. Uncheck the "Display PDF in browser" checkbox.

 Do not access PDF documents from untrusted sources

   Do not open unfamiliar or unexpected PDF documents, particularly    those hosted on websites or delivered as email attachments. Please  see Cyber Security Tip ST04-010.


   Adobe Security Advisory APSA10-01 describes a vulnerability in    Flash Player that can also be exploited using Adobe Reader and  Acrobat. This Flash content could be on a web page, in a PDF  document, in an email attachment, or embedded in another file.

   By convincing you to open malicious Flash content, an attacker may  be able to take control of your computer or cause it to crash.

 * Security Advisory for Flash Player, Adobe Reader and Acrobat -   <http://www.adobe.com/support/security/advisories/apsa10-01.html>

 * US-CERT Technical Alert TA10-159A -
   The most recent version of this document can be found at:  <http://www.us-cert.gov/cas/alerts/SA10-159A.html>
   Feedback can be directed to US-CERT Technical Staff. Please send  email to <cert@cert.org> with "SA10-159A Feedback VU#486225" in
   the subject.
   For instructions on subscribing to or unsubscribing from this  mailing list, visit <http://www.us-cert.gov/cas/signup.html>.

No comments: