Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 25th, 2009

F-Secure Says Users Should Stop Using Adobe Acrobat Reader

As if the fact that Adobe Acrobat Reader is bloated and slow isn’t enough, more than 47 percent of attacks this year exploit holes in it. With all the Internet attacks that exploit Adobe Acrobat Reader people should switch to using an alternative PDF reader, a security expert said at the RSA security conference on Tuesday.

Just last month, Adobe issued a fix for an Acrobat Reader hole that attackers had been exploiting for months, after issuing a patch for a critical vulnerability in Flash player the month before.

In 2008, the favored targeted attack vector was Microsoft Word, which had 15 known vulnerabilities (compared to Acrobat Reader’s 19) and which represented 34.5 percent of the attacks (compared to 28.6 percent for Acrobat Reader).

Top-level executives, defense contractors, and other people who have access to specific sensitive corporate or government information are subject to targeted attacks where an attacker sends a file that has malicious code embedded in it. Once the file is opened, the computer is infected typically with a back door that then steals data.

PDF and Flash browser plug-ins are also used in attacks known as “drive-by downloads” in which malware is surreptitiously downloaded onto a computer while the user is surfing the Web. The number of PDF files used in attacks rose from 128 between January 1 and April 16 last year to more than 2,300 in that same time period during this year, said Mikko Hypponen, chief research officer of security firm F-Secure.

Adobe “has a lot to learn from, of all places, Microsoft,” which offers regular security patches on a monthly basis as part of Patch Tuesday, Hypponen said.

Part of the problem is people don’t expect that Acrobat Reader upgrades necessarily contain important security patches like they do with Microsoft software, he said.

Hypponen did not recommend a PDF reader, but said Acrobat Reader alternatives are listed on the Web site. An obvious Acrobat Reader alternative for Windows would be Foxit Reader. A ZIP package with a latest version that needs no installation can be downloaded here.

Credit: CNET News

Share this item with others:

More on CyberInsecure:
  • Buffer Overflow Critical Vulnerabilities In Adobe Reader And Acrobat
  • Exploit Posted For Adobe Reader PDF Zero-day Vulnerability In ‘getAnnots()’ Javascript Function
  • Critical Flash Player, Acrobat, Reader Vulnerability Exploited In The Wild
  • Unpatched 0-day PDF Flaw Harnessed To Launch Targeted Attacks
  • Adobe Patches Older Reader PDF Flaw, In Total 8 Vulnerabilities Patched

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: F-Secure Says Users Should Stop Using Adobe Acrobat Reader

    2 Responses to “F-Secure Says Users Should Stop Using Adobe Acrobat Reader”

    1. Foxit requires you install their toolbar into your browser.

    2. CyberInsecure Says:
      November 8th, 2010 at 5:28 am

      Gene: No, its not mandatory. You can use it without installing the toolbar.

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.