Researchers have discovered yet another security hole in software giant Adobe’s PDF reader, Acrobat. This is the latest in a long line of vulnerabilities in Acrobat that can allow an attacker full control over your PC if you open an infected PDF file.
Adobe has this to say about the discovery:
A critical vulnerability has been identified in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh. This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows.
In my opinion Acrobat has become the red headed step child of PDF readers by growing ever larger and overly complicated with each new version! The most recent version weighs in at 65MB, while free third party PDF software such as Jim’s favorite, PDF X-Change Viewer, and my favorite, Nitro PDF Reader, weigh in between 14MB and 28MB.
Acrobat Reader has also become the PDF target for miscreants set on infecting computers through exploits in its’ software, of which the latest find is just another example. My recommendation is to uninstall Acrobat Reader and choose one of the options above. You’ll be removing a popular attack vector from your computer and replacing it with a completely functional equivalent that is less likely to be targeted in the future. Adobe’s Acrobat is truly the “low hanging fruit” in the PDF software arena. As an added benefit you’ll also be removing one of the more bloated software products I’ve seen in quite a while.
So, what do you think? Remove the bloat and try another free product with less risk? -or- Wait for Adobe to release another patch and tow the Acrobat party line?
Unless a user of Adobe Reader has changed security settings wouldn’t they be protected per Adobe’s statement?
“Because Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X and Acrobat X for Windows with the next quarterly security update for Adobe Reader and Acrobat, currently scheduled for January 10, 2012.”
Also, regarding risk, while Adobe is certainly targeted because it’s the most widely used that doesn’t lead to the conclusion that 3rd Party PDF readers are less vulnerable or that they haven’t been targeted. It’s a nice assumption but difficult to prove.
IMO, you raise a good point – is Acrobat actually more vulnerable or merely a more desirable target. It’s much the same comparison as can be made twixt Windows and Linux/Mac. However, Adobe software does have an abominable security record in general. Adobe Flash Player must be head to head with Chrome for the most often updated software on the planet. Of course, Chrome updates are generally introducing new features/enhancements, whereas Adobe is primarily patching vulnerabilities.
Anyway, the bloat alone should prompt most users to look elsewhere.
BGD, they say that version X is not affected, however there are tons of computers out there still running versions 8 and 9 that can be infected.
As far as 3rd party PDF readers being less vulnerable… I wouldn’t call it an assumption. It’s more of a logical conclusion. 🙂 I say using Adobe’s Acrobat reader is like walking through the seedy side of town while flashing a wad of $100 bills at everyone you see.
Dave,
Thanks for making it perfectly clear why to remove Adobe Acrobat Reader.
I began the job but encountered a problem when I went to uninstall it.
I don’t have Adobe Reader or Adobe Acrobat
Neither was listed in Add/Remove.
Instead I have:
Adobe Air V3.0….
Adobe Flash Player V10.0….
Adobe Flash Player V11 Plug In 64 Bit
When I look back in the files I see that Adobe ReaderV8.0… and Adobe ReaderV9.0.. were also installed.
And since I have a dual boot system Visa and W7 I see evidence of Adobe in both partitions.
Being an intermediate level computer user I am not exactly sure what to do.
I was thinking to uninstall all three Adobe listings in partitions using Revoinstaller, doing a deep clean.
And suggestions and help would be appreciated.
BRIAN
Brian, I would just remove the files/folders labeled V8 and V9 and install a 3rd party tool if they don’t show in add/remove or Revo.
I use what Brian has and Reader/Acrobat. I want something very good because I use alot of PDF’s. I run XP and would need a freebie. Thank you.
Hi Mark – If you mean free PDF viewer/reader software (with a few little extras), Dave already made reference to two very good ones in the article – PDF X-Change Viewer and Nitro PDF Reader. Clicking on the links included in the article will take you to the respective home pages.
Cheers…Jim
Or have a look at my favorite > http://foxitsoftware.com/Secure_PDF_Reader/ > Foxit PDF Cheers!
We do NOT recommend Foxit because it comes bundled with the Ask Toolbar. Don’t know about now, but in the versions I tried, if the user declined to install the Ask Toolbar some features were then disabled. Foxit is good software yes, but that ‘install the extras or else’ attitude is not acceptable – neither is the Ask Toolbar.
This is good to know. I just got a nasty pop up that kept coming up no matter how many times I clicked no or X int the right hand corner. It wanted me to let it clean up my machine as it “discovered” some very bad virus and would damage my hard drive. I finally called my “tech suppoet” on PC Security in BFE and was told that since I would not let them “take control of my machine” they would not and could not help me because it was very difficult to remove it and I couldn’t possibly do waht Ihad to, to remove it. So I said no thanks and did a restore to a couple day earlier and voila it was gone. Neverless, I am looking for a new Security company that has tech support in US. I just do not think that letting someone from a foreign country into my computer is a good idea.