Attack of the Killer PDFs
Security and Fraud March 1st, 2007
Today’s post in the Art Biz blog pointed me to some information about a security flaw in Adobe Acrobat Reader. As you probably already know, Acrobat Reader is the free program that allows you to open and read PDF documents. PDF files are pretty widespread on the internet as web sites use them to distribute documents, catalogs, application forms, and all manner of different things. Some artists I know use PDFs in order to distribute their portfolio or product catalogs and lots of art organizations put their applications and prospectuses in PDF format.
Well, apparently some pretty malicious people can use the security hole in Acrobat Reader in order to access your machine to open files, delete files, and even execute programs. What’s worse is that even if the PDF that you create to send for download from your web site is safe, hackers can still create havoc by attaching code to the PDF download link. You can check out the security bulletin from Adobe:
http://www.adobe.com/support/security/bulletins/apsb07-01.html
Fortunately, you can easily protect yourself by upgrading to Acrobat Reader 8, which is the newest version of the program. Adobe released the new version a couple of months ago to include the security fix. If your computer’s operating system can’t handle Acrobat Reader 8, you can download Version 7.0.9, which also contains the security fix. And yes, this security fix also applies to Mac users too!
If you provide PDFs for visitors of your site, there are some steps you can take to help protect them. The security advisory provided by Adobe gives instructions on how to do this:
http://www.adobe.com/support/security/advisories/apsa07-02.html
There are also some less “geeky” instructions here:
http://blogbusteraudio.blogspot.com/2007/02/when-pdfs-attack.html
If you want a more detailed explanation of this security risk, check out this article on ZDnet:
http://news.zdnet.com/2100-1009_22-6147428.html?tag=nl.e539
Thanks to the Art Biz blog for the heads up!
