We tend to take Acrobat Reader security as a given because we don’t often hear of viruses and attacks emanating from PDF files. A new exploit, however, has been discovered and Adobe is giving advice on how to protect yourself from the vulnerability.
The vulnerability was discovered by security researcher Didier Stevens, who demonstrated how an attack could use the launch action functionality in Acrobat PDF and Foxit to run embedded executables. The good news is that it’s a relatively easy fix unless you require the usage of that functionality.
To prevent Acrobat from running an executable simply open Acrobat and select Edit –> Preferences –> Trust Manager and deselect “allow opening of non-PDF file attachments with external applications“. This will prevent Acrobat from executing executables within the program.
