Adobe Reader and Acrobat Issue update
This is an update on the Adobe Reader and Acrobat issue (CVE-2009-0658) discussed in Security Advisory APSA09-01. As mentioned previously, Adobe currently plans to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th. In addition, Adobe is also planning to make updates available for Adobe Reader 7 and 8, and Acrobat 7 and 8, by March 18th.
We have seen reports that disabling JavaScript in Adobe Reader and Acrobat can protect users from this issue. Disabling JavaScript provides protection against currently known attacks. However, the vulnerability is not in the scripting engine and, therefore, disabling JavaScript does not eliminate all risk. Keeping this in mind, should users choose to disable JavaScript, it can be accomplished following the instructions below:
1. Launch Acrobat or Adobe Reader.
2. Select Edit>Preferences
3. Select the JavaScript Category
4. Uncheck the ‘Enable Acrobat JavaScript’ option
5. Click OK
In addition, Adobe continues its contact with Antivirus and Security vendors on this issue in order to ensure the security of our mutual customers. We are now able to report that the following Antivirus and Security vendors and related products provide protections and information regarding this vulnerability:
Checkpoint:
Check Point customers using Check Point Security Gateway products are protected from attacks exploiting this vulnerability, provided that the appropriate protection is activated. For more details and precise list of products, see http://www.checkpoint.com/defense/advisories/public/2009/sbp-24-Feb.html
McAfee:
Enterprise: http://www.mcafee.com/us/enterprise/products/system_security/servers/virusscan_enterprise.html
Consumer: http://us.mcafee.com/
Desktop: http://www.mcafee.com/us/enterprise/products/system_security/clients/host_intrusion_prevention_desktop_server.html
Server: http://www.mcafee.com/us/enterprise/products/system_security/servers/host_intrusion_prevention_server.html
Intrushield - Network IPS: http://www.mcafee.com/us/enterprise/products/network_intrusion_prevention/network_security_platform.html
Microsoft:
Microsoft Corporation products protecting against Exploit:Win32/Pidief and variants:
Microsoft Forefront Client Security
Microsoft Windows Live OneCare
Microsoft Windows Live OneCare safety scanner
Symantec:
Norton Antivirus 2009 (and earlier supported version) http://www.symantec.com/norton/antivirus
Norton Internet Security 2009 (and earlier supported version) http://www.symantec.com/norton/internet-security
Norton 360 http://www.symantec.com/norton/360
Symantec Endpoint Protection 11 http://www.symantec.com/business/endpoint-protection
Symantec AntiVirus 10 (and earlier supported version) http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus for CacheFlow Security Gateway http://www.symantec.com/business/antivirus-for-caching
Symantec AntiVirus for Inktomi Traffic Edge http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus for NetApp Filer/NetCache http://www.symantec.com/business/security_response/definitions.jsp
Symantec Mail Security for Domino v 5.x (and earlier supported version) http://www.symantec.com/business/mail-security-for-domino
Symantec Mail Security for Microsoft Exchange v 5.x (and earlier supported version) http://www.symantec.com/business/mail-security-for-microsoft-exchange
Symantec Mail Security for SMTP v 5.x (and earlier supported version) http://www.symantec.com/business/mail-security-for-smtp
Symantec Web Security 3.0 (and earlier supported version) http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus for Bluecoat Security Gateway http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus for Clearswift MIMESweeper http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus for Microsoft ISA Server http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus Scan Engine http://www.symantec.com/business/security_response/definitions.jsp
Symantec AntiVirus for Linux http://www.symantec.com/business/endpoint-protection
Symantec Brightmail Gateway http://www.symantec.com/business/brightmail-gateway
Sourcefire:
Users/Customers of Sourcefire, Snort and ClamAV are protected against this vulnerability.
Sourcefire 3D System
http://www.sourcefire.com/products/snort/rules/advisories/sa022009.html
OpenSource Snort
http://www.snort.org/vrt/advisories/vrt-rules-2009-02-20.html
http://www.snort.org/vrt/advisories/vrt-rules-2009-02-24.html
ClamAV
http://www.clamav.net
Trend Micro:
Product link: http://us.trendmicro.com/us/products/enterprise/officescan-client-server-edition/index.html
Overview: http://www.trendmicro.com/vinfo/virusencyclo/default5.asp?VName=TROJ%5FPIDIEF%2EIN
We will continue to provide updates on this issue via Adobe’s Security Advisory and the PSIRT blog.
This posting is provided “AS IS” with no warranties and confers no rights