A reminder about about the Acrobat reader vulnerability we blogged about several times recently (http://www.eset.com/threat-center/blog/?p=593, http://www.eset.com/threat-center/blog/?p=579, http://www.eset.com/threat-center/blog/?p=572).
Remember I said "As we’ve said previously, disabling JavaScript, while it doesn’t address the underlying vulnerability, stops known exploits from working properly"?
Predictably, there are now known exploits that don't use the JavaScript heap spray trick. While I'm not aware right now of such an exploit "in the wild", it's likely that someone will rectify - wrongify? - that. So while there's still no reason for most of us to have JavaScript activated in Acrobat Reader, and while disabling it will protect against some known exploits, it hasn't eliminated the risk from the original vulnerability.
Obviously, we suggest that you keep an eye open for the release of the updates appropriate to your version of Acrobat and/or Acrobat Reader. Adobe say that a patch will be released for version 9 by March 11th, and for versions 7 and 8 by March 18th. They've also made further information available here. Given that PDFs are a frequent target for malicious exploitation, you might want to sign up for Adobe's security advisory alert service. And, as always, be aware that you might be offered "patches" from other sources that are actually malicious programs!
In the meantime, though, the best protection available is to be aware of the danger from targeted attacks: treat unexpected PDF (and other)documents, even from people known to you, as potentially/possibly malicious. Even when this particular vulnerability (and the Excel vulnerability that's also been making waves) has been patched, there will be other attempts to use "harmless" document formats as a means of compromising systems.
David Harley
Director of Malware Intelligence
