Threat Level: green Handler on Duty: Didier Stevens

SANS ISC: Adobe Update is finally out, well, some of them - Internet Security | DShield SANS ISC InfoSec Forums


Sign Up for Free!   Forgot Password?
Log In or Sign Up for Free!
Adobe Update is finally out, well, some of them

Thank you all that wrote in letting us know that the Adobe Update for Reader and Acrobat 9 is finally out.  Swa pointed this out in his diary right here.  However, I wanted to expand upon the update a little bit, because I still find it to be "wanting".

Adobe has named this release "9.1" for both Adobe Reader and Adobe 9 (Standard, Pro, and Pro Extended).  The patch is out for Windows and Macintosh only, however. 

Adobe says they plan for updates to Reader 7 and 8 and Acrobat 7 and 8 to be out by March 18th.  They also plan to make Adobe Reader 9.1 available for Unix by March 25th.

As a work around, Adobe says to refer to this post for a work around on how to disable Javascript so that you won't be affected, however, as our readers of the Internet Storm Center and the VRT Blog know, this is not a Javascript exploit, and you can still be exploited without javascript turned on!

So, Adobe did fix the issue for users of "9" on Windows and Mac, but the other platforms are still vulnerable.  If you are using Adobe 7 or 8, if you can update to 9.1, that would be for the best.

(Yes, I work for Sourcefire.)

-- Joel Esler http://www.joelesler.net

Joel

454 Posts
ISC Handler
Another way to give your users a fighting chance is to de-integrate PDF from opening directly inside of Internet Explorer. Desktop antivirus will have a better chance to examine the PDF and the user may twig to something being wrong with an unexpected prompt to open a PDF when they are browsing the web.

http://www.kb.cert.org/vuls/id/666281
Andrew

41 Posts
Nice idea!
Joel

454 Posts
ISC Handler
Echo'ing Andrew's suggestion, you can use the PDF Download add-on for Firefox (https://addons.mozilla.org/en-US/firefox/addon/636) to force the download of all PDFs instead of them opening inside your browser.
Jasey

93 Posts
You can extract the msi and cab files from the exe.

See: http://kb.adobe.com/selfservice/viewContent.do?externalId=kb404146
Anonymous
And I can chip in that it took up to two days for Help, Update to work for interactive updates. I find that doing this will leave your preferences intact if you've removed Acrobat.com and AIR from your Adobe Reader. If you have removed these two and then launch the full installer, it will not respect your subsequent choice where you removed them via Add-Remove Control Panel and will do a full install and you will get Acrobat.com and AIR back again.
Andrew

41 Posts

Sign Up for Free or Log In to start participating in the conversation!