It seems that Adobe Acrobat is blocking most antivirus software (opens in new tab) from scanning PDF files at launch, putting users at risk.
The issue was first identified by cybersecurity researchers from Minerva Labs. As reported by BleepingComputer, Minerva spotted Adobe Acrobat scanning for DLL files from 30 security products, to see if they’re loaded into memory while it’s active. These products also include the industry’s heavy hitters, such as Bitdefender, Avast, Trend Micro, Symantec, Malwarebytes, ESET, Kaspersky, F-Secure, Sophos, and Emsisoft.
If it finds any, it “most likely” blocks them, preventing any monitoring activity, the report states.
Share your thoughts on Cybersecurity and get a free copy of the Hacker's Manual 2022 (opens in new tab). Help us find how businesses are preparing for the post-Covid world and the implications of these activities on their cybersecurity plans. Enter your email at the end of this survey (opens in new tab) to get the bookazine, worth $10.99/£10.99.
A known issue
“Since March of 2022 we’ve seen a gradual uptick in Adobe Acrobat Reader processes attempting to query which security product DLLs are loaded into it by acquiring a handle of the DLL,” Minerva Labs explained.
Bleeping Computer also found a user complaint on the Citrix forum, saying Sophos’ Antivirus started getting errors after an Adobe product was installed, and that the company suggested disabling DLL-injection for Acrobat and Reader.
“We are aware of reports that some DLLs from security tools are incompatible with Adobe Acrobat’s usage of CEF, a Chromium based engine with a restricted sandbox design, and may cause stability issues,” wrote Adobe, in response to complaints.
> Hackers have found a new way to smuggle malware onto your device (opens in new tab)
> Patch Adobe Reader now or risk a major security attack (opens in new tab)
> Update your Adobe software now to fix these ‘critical’ threats (opens in new tab)
At the moment, it’s working on a fix, to “ensure proper functionality with Acrobat's CEF sandbox design going forward.”
According to Minerva Labs, between compatibility issues and disabling antivirus solutions, Adobe chose the latter, putting its users at real risk of malware (opens in new tab), ransomware (opens in new tab), and other nasties lurking in the depths of the internet.
PDF files are known to have been used by threat actors in the past. Only recently, researchers spotted a campaign that uses PDF files, through which malicious Word files were being distributed to target endpoints.
Via BleepingComputer (opens in new tab)