Open main menu
Home
Random
Recent changes
Special pages
Community portal
Preferences
About Wikipedia
Disclaimers
Incubator escapee wiki
Search
User menu
Talk
Dark mode
Contributions
Create account
Log in
Editing
Adobe Acrobat
(section)
Warning:
You are not logged in. Your IP address will be publicly visible if you make any edits. If you
log in
or
create an account
, your edits will be attributed to your username, along with other benefits.
Anti-spam check. Do
not
fill this in!
==Security== A comprehensive list of security bulletins for most Adobe products and related versions is published on their ''Security bulletins and advisories'' page and in other related venues.<ref>{{cite web|url=https://helpx.adobe.com/security.html#acrobat |title= Security Bulletins and Advisories |work=adobe.com |publisher=[[Adobe Systems]]}}</ref><ref>{{cite web|url=http://www.locklizard.com/pdf_security_news/ |title=Adobe PDF Security Issues, Acrobat Vulnerabilities, PDF Cracks |publisher=[[Locklizard]]}}</ref> In particular, the detailed history of security updates for all versions of Adobe Acrobat has been made public.<ref>{{cite web|url=https://helpx.adobe.com/security/products/acrobat.html |title=Security Bulletins and Advisories β Adobe Acrobat |work=adobe.com|publisher=[[Adobe Systems]]}}</ref> From Version 3.02 onwards, Acrobat Reader has included support for [[JavaScript]]. This functionality allows a PDF document creator to include code which executes when the document is read. Malicious PDF files that attempt to attack [[Malware#Security defect|security vulnerabilities]] can be attached to links on web pages or distributed as email attachments. While JavaScript is designed without direct access to the file system to make it "safe", vulnerabilities have been reported for abuses such as distributing malicious code by Acrobat programs.<ref>{{cite web |url=http://lwn.net/Articles/129729/ |title=Unexpected features in Acrobat 7 |last=Brockmeier |first=Joe |date=30 March 2005 |access-date=20 February 2009 |work=[[LWN.net]] |publisher=Eklektix}}</ref> Adobe applications had already become the most popular client-software targets for attackers during the last quarter of 2009.<ref>{{cite web |url=http://mcafee.com/us/local_content/reports/threats_2009Q4_final.pdf |title=McAfee Threats Report: Fourth Quarter 2009 |publisher=McAfee Avert Labs |page=16 |date=February 2010 |access-date=9 May 2010 |url-status=dead |archive-url=https://web.archive.org/web/20100215182751/http://www.mcafee.com/us/local_content/reports/threats_2009Q4_final.pdf |archive-date=15 February 2010 }}</ref> [[McAfee]] predicted that Adobe software, especially Reader and [[Adobe Flash|Flash]], would be the primary target for software attacks in the year 2010.<ref> {{cite web |url=http://mcafee.com/us/local_content/reports/7985rpt_labs_threat-predict_0110_fnl_lores.pdf |title=2010 Threat Predictions |publisher=McAfee Labs |page=2 |date=December 2009 |access-date=9 May 2010 |archive-url=https://www.webcitation.org/5qBbtBYx6?url=http://mcafee.com/us/local_content/reports/7985rpt_labs_threat-predict_0110_fnl_lores.pdf |archive-date=2 June 2010 |url-status=dead |df=dmy-all }} </ref> ===September 2006 warning=== On September 13, 2006, David Kierznowski provided sample PDF files illustrating [[JavaScript]] vulnerabilities. Since at least version 6, JavaScript can be disabled using the preferences menu<ref>{{cite web |url = https://www.zdnet.com/article/adobe-turn-off-javascript-in-pdf-reader/ |title = Adobe: Turn off JavaScript in PDF Reader |first = Ryan |last = Naraine |date = 28 April 2009 |work = [[ZDNet]] |publisher = [[CBS Interactive]] }} </ref> and embedded URLs that are launched are intercepted by a security warning dialog box to either allow or block the website from activating.<ref>{{cite web |url = http://www.eweek.com/article2/0,1895,2016606,00.asp |archive-url = https://archive.today/20130108143735/http://www.eweek.com/article2/0,1895,2016606,00.asp |url-status = dead |archive-date = January 8, 2013 |title = Hacker Discovers Adobe PDF Back Doors |first = Ryan |last = Naraine |date = 15 September 2006 |work = [[eWeek]] |publisher = Ziff Davis Enterprise Holdings Inc |access-date = 5 August 2011 |quote = David Kierznowski, a penetration testing expert specializing in Web application testing, has released proof-of-concept code and rigged PDF files to demonstrate how the Adobe Reader program could be used to initiate attacks without any user action. }}</ref> ===February 2009 warning=== On February 19, 2009, Adobe released a Security Bulletin announcing JavaScript vulnerabilities in Adobe Reader and Acrobat versions 9 and earlier.<ref>{{cite web|title=Security Updates available for Adobe Reader and Acrobat versions 9 and earlier|url=https://www.adobe.com/support/security/advisories/apsa09-01.html|work=adobe.com|publisher=[[Adobe Systems]]|access-date=11 August 2013|date=19 February 2009}}</ref> As a workaround for this issue, [[US-CERT]] recommended disabling JavaScript in the affected Adobe products, canceling integration with [[Windows shell]] and web browsers (while carrying out an extended version of de-integration for [[Internet Explorer]]), deactivating Adobe indexing services and avoiding all PDF files from external sources.<ref name="USCERT905281">{{cite web |url=http://www.kb.cert.org/vuls/id/905281 |title=Vulnerability Note VU#905281 |publisher=[[US-CERT]] |date=20 February 2009 |access-date=20 February 2009 |archive-url= https://web.archive.org/web/20090223105204/http://www.kb.cert.org/vuls/id/905281 |archive-date= 23 February 2009 |url-status= live }}</ref> ===February 2013 warning=== Adobe has identified critical vulnerabilities in Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system. There have been reports of these vulnerabilities being exploited to trick Windows users into clicking on a malicious PDF file delivered in an email message. Adobe recommended users update their product installations.<ref>{{cite web |url = https://www.adobe.com/support/security/advisories/apsa13-02.html |title = Security Advisory for Adobe Reader and Acrobat |publisher = [[Adobe Systems]] }} </ref> ===January 2016 warning=== Adobe has released security updates for Adobe Acrobat and Reader for Windows and Macintosh. These updates address critical vulnerabilities that could potentially allow an attacker to take control of the affected system.<ref>{{cite web |url = https://helpx.adobe.com/security/products/acrobat/apsb16-02.html |title = Security Advisory for Adobe Reader and Acrobat |publisher = [[Adobe Systems]] }}</ref><ref>{{cite web |url = https://www.us-cert.gov/ncas/current-activity/2016/03/08/Adobe-Releases-Security-Updates-Acrobat-Reader-and-Digital-Editions |title = Adobe Releases Security Updates for Acrobat, Reader, and Digital Editions |publisher = [[United States Computer Emergency Readiness Team]] }}</ref>
Edit summary
(Briefly describe your changes)
By publishing changes, you agree to the
Terms of Use
, and you irrevocably agree to release your contribution under the
CC BY-SA 4.0 License
and the
GFDL
. You agree that a hyperlink or URL is sufficient attribution under the Creative Commons license.
Cancel
Editing help
(opens in new window)