PDF Vulnerability

Adobe is warning about a Critical Vulnerability in Adobe Acrobat and Adobe Reader. Until a patch is issued, be wary of any PDFs posted online or received unexpectedly via email. If a malicious PDF file is opened, the vulnerability will allow malicious files to be silently downloaded onto your system. According to reports, this vulnerability is already being exploited.

Unfortunately, a patch from Adobe will not be available until March 11. In the meantime, to keep your PC protected and prevent the exploit from running, do the following:

Disable JavaScript (this will prevent running the malicious code and is not needed for PDFs to be viewed). To disable JavaScript, go to Edit-> Preferences-> JavaScript and un-check Enable Acrobat JavaScript. (Highly Recommended)

Adobe Reader javascript preferences

As an additional safety precaution, you can also disable PDF display in browser. To prevent PDF documents from opening in your web browser, go to Edit-> Preferences-> Internet and un-check Display PDF in browser. (Optional)

Adobe Reader internet preferences

Note: If you disable the displaying of PDF files in browser, you will have to download the files onto your PC to open and view them since they will no longer open in your browser automatically.

To learn more about this vulnerability and how you can keep your PC protected, read the article in Information Week.