Adobe Systems has issued a security advisory for critical vulnerabilities identified in Adobe Reader and Acrobat.
These vulnerabilities are already being exploited through sophisticated and targeted attacks that install malware, steal passwords, record keystrokes and collect other system information. There is no fix available at this time, but users are strongly encouraged to upgrade to the latest versions of their software and implement the following workarounds.
Windows users:
Configure the application to open PDFs in Protected Mode. To do this, open the program and go to the Edit > Preferences > Security (Enhanced) menu. Check the box labeled “Enable Protected Mode at startup” and click the button for Protected View > All files.
Mac OS X users:
View PDFs via Preview instead of Adobe. To do this, right click on any PDF file. Choose “Get Info”. Use the “Open with:” option and select Preview as your default PDF reader.
Linux users:
There are no workarounds for Linux at this time, except the option to switch to an alternate PDF reader.
As always, the best defense is to avoid opening any unsolicited or unfamiliar files. This advisory will be updated when a fix becomes available.
-Computing and Communications and the Information Systems Security Officer