Adobe recommends workaround for critical holes in Reader

Adobe recommends that Windows users activate the Protected View feature for "Files from potentially unsafe locations"

In a new advisory, Adobe has warned of critical zero-day holes in its Reader and Acrobat PDF viewers, which are already being actively exploited in attacks by cyber criminals. The vulnerabilities were detected when security researchers from FireEye examined a PDF file in circulation.

The specially crafted PDF document appears to exploit several security holes to inject malicious code into a system when the document is opened; Adobe's advisory says the two critical vulnerabilities at the core of the problem have been assigned the identifiers CVE-2013-0640 and CVE-2013-0641. The company says that the vulnerabilities affect the current versions of Reader as well as the current versions of Acrobat for Windows and Mac OS X. A patch is already in preparation, but when it will be released is currently unclear.

Users who open a PDF document in the current version of Adobe Reader therefore run the risk of infecting their system with malware. According to Adobe, those who use version XI (11.x) of Acrobat or Reader under Windows can protect themselves by activating the Protected View feature. In Reader, this option can be found by selecting File ➤ Edit ➤ Preferences ➤ Security (Enhanced) and looking for the Protected View options on that page. Enabling this option will result in PDF documents being opened in a sandbox.

Another option is to use a different PDF viewer, of course. Those who have Google Chrome installed on their computers for can set it as the default program for viewing PDFs. To enable this, right click on a PDF file, select "Open With", "Choose program" and then select Chrome.exe (which, in Windows 7, can be found under C:\Users\{user name}\AppData\Local\Google\Chrome\Application).

(fab)