Tech Alert

Adobe Reader/Acrobat Critical Vulnerability

January 2007

Issue

Adobe Systems, Inc. has identified a critical vulnerability in Adobe Reader and Adobe Acrobat version 7.x that could allow an attacker who successfully exploits this problem to take control of the affected system. Earlier versions of Adobe Reader and Adobe Acrobat may also be affected.

A user who opens an infected PDF (Adobe Acrobat) file directly from the Internet risks infecting his/her machine with the malicious code. The malicious code would grant an attacker access to that machine.

Impact

If a computer becomes infected with the malicious code, an attacker can obtain the computer’s user privileges, take control of the computer, and attack other machines accessible through available networks.

Recommended Action

As soon as possible, update the computers you use with version 8.0 of Adobe Reader and Adobe Acrobat.

University computers managed through the Active Directory system are in the process of being updated automatically with Adobe Reader and Adobe Acrobat version 8.0.

Infected Machines

If you have tried to read an Adobe (PDF) file directly from the Internet and the download unexpectedly stopped or froze, your system may have become infected. There is no simple way to determine if your computer has been infected. Therefore, the most effective action is preventative.

If you believe a machine you use is infected by the malicious code, call your college or business unit computer technician for immediate assistance.

Support for You

For immediate assistance, please contact your college or business unit computer technician. If you have questions or concerns, you may also contact the Information Technology Help Desk at campus extension 1400 or by email at helpdesk@csun.edu.