Cyber-attackers frequently trick users into opening PDF files containing malicious code. Once opened, the code triggers security flaws in Adobe Reader and Acrobat, compromising the victim's entire computer. Read on for some tips on how to be safe when opening PDF files.
Adobe Reader, Acrobat, and Java are among the most frequently targeted software because of the humongous user base these technologies have. With the recent string of zero-day attacks in Java, many experts recommended disabling the Java plug-in in the browser so that these attacks don’t have any chance of success.
If you do need Java in the browser, we recommend having a dedicated browser with Java enabled, and you should use it only when running that Java-based application. A browser without Java should be used to visit every other site online.
It's difficult to make a similar recommendation for Adobe Acrobat and Reader, and for competitors such as Foxit Reader, since everyone relies heavily on PDF. Even if you don't use Reader or Acrobat, you should take note of the suggestions below and develop good habits, which will reduce your chances of getting hit when the day comes that criminals start targeting other readers.
You've heard us say this before, but it is still worth repeating: Keep your PDF reader up-to-date with the latest patches and the newest version of the software. And always avoid updates from unofficial sites. If you are on a site and it tells you that your PDF reader is outdated, don't download that update. Go to the PDF reader's official site and download the updates available from the actual source.
Update from inside the software, or better yet, turn on the auto-update feature. In fact, if the application itself tells you that your software is up-to-date, then you know that the site claiming otherwise was malicious.
While staying up-to-date may not protect you from an attack targeting a zero-day (unknown) flaw, the majority of web attacks exploit already-known vulnerabilities. Criminals have figured out that users are notoriously bad at staying on top of the latest patches, so they don't bother spending the money, time, and energy crafting attacks targeting unknown issues in the software. Stay updated, and you knock out most of the attacks you’ll be subjected to right there and then.
If you don't have a reason to be stuck on an older version of a program, then upgrade to the latest one to take advantage of the various security mitigation technologies built into the software. For example, Adobe offers Protected Mode in Reader and Acrobat X and XI, which opens the PDF file within a sandbox. The even more restrictive Protected View blocks exploits and turns off other features, such as printing, full screen viewing, and file saving.
A common suggestion is to abandon Adobe Reader and use alternative software, but as Trend Micro's Jonathan Leopando observes: “That’s not a cure-all.”
Those applications also have to be updated on a regular basis as the vendor identifies and shuts down vulnerabilities. Currently, they are less likely to be hit with an attack because they have such a small market share – but security through obscurity "doesn’t offer much in the way of protection," Leopando said.
Disable it in the browser
Much like Java, many attacks target the plug-in which allows users to open the PDF file directly in the browser (such as when you are viewing files on a web page or files sent to you as an email attachment). Instead of using the plug-in for the PDF reader, Trend Micro recommends using the browser's built-in application. Google Chrome offers a built-in PDF reader which opens the files within a sandbox to protect the user. Mozilla also just introduced a new HTML5-based PDF reader in Firefox.
It goes without saying that you should still be wary of opening PDF files from unknown sources. Even if it is a legitimate sender, it only takes a few minutes to confirm the sender meant to actually send over the file.
As always, think and stay safe online!