Cyber Attacks Underway On Adobe PDF Users

Multiple groups are using a previously unknown vulnerability in Adobe
Acrobat and Reader to attack users in an attempt to gain unauthorized
access to commercial, government and private computer systems and steal
data. This attack is triggered by simply opening a malicious PDF file.
There is currently no patch against this attack and a patch will not be
released until Jan. 12. Everyone is urged to use caution with any PDF
files, including those from known associates and personal accounts.

Until the patch has been installed at JLab, the IT Division recommends
that you not open pdf documents unless they are work related and you
know the origin of the file(s). Please delete any e-mails with
suspicious attachments of any kind.

Users are urged to follow the steps below to disable JavaScript inside
their Adobe Acrobat and Reader programs on their JLab computers as well
as on home computers. Note that these instructions apply to Windows,
Linux and Mac computers.

Disabling Adobe JavaScript:

  • Launch Acrobat or Adobe Reader
  • On Windows and Linux: Select Edit>Preferences
  • On Mac: Select Acrobat>Preferences
  • Select the JavaScript category
  • Uncheck the 'Enable Acrobat JavaScript' option
  • Click OK

If you have any questions, e-mail the Helpdesk at helpdesk@jlab.org.

E-mail security@jlab.org to report suspicious e-mails or phone calls.



content by magaldi@jlab.org

maintained by webmaster@jlab.org