Acrobat Exploits Resolved? Maybe, but when will you upgrade?
Over the last few years there have been frequent security lapses and vulnerabilities found in Adobe Acrobat. My own frequent personal and professional use of Acrobat leaves me feeling uneasy every time I read about an exploit. For example, search Google for news articles in the past year with “acrobat exploit vulnerability” as your search. At the time I’m writing this, that search returns 103 results — most of which have a good dozen or so results associated with each result.
This should be a concern for your firm when reviewing native documents from a client’s computer, thumb drive or email. Prior to opening the DVD or thumb drive from your client on your workstation, how are you verifying that these files do not contain code that will take advantage of one of these exploits? For many of the links listed in the searches above, they’re listed as “Zero Day” exploits. These exploits are named after the theoretical age of the vulnerability. The software manufacturer, corporations and anti-virus companies aren’t aware of these exploits to prevent or identify them which means they’re released on “day zero.” Your IT department, anti-virus software, anti-malware software and anti-spyware software are no match for these exploits.
Recently Adobe announced that Acrobat X would “sandbox” its actions going forward. A “sandbox” environment typically refers to one where actions are limited and quarantined. For example, here is wikipedia’s entry on a sandbox environment as it relates to computer and network security and here’s another wikipedia entry on a sandbox environment as it relates to software development. The idea is that Acrobat will be unable to interact with the Windows file system or its registry, two areas that are frequently accessed in exploits — not just Acrobats — leaving the sandboxed application only able to harm itself and documents it opens, but not the rest of your computer. With Acrobat finally isolating its own access in an effort to keep you safe (and avoid additional negative publicity no doubt), you should now be safe from the exploits, right?
That depends on how quickly your IT department updates your workstations. Do you have a process for vetting new software upgrades and releases, prior to being released? You should. In most small firms, the IT department should be able to quickly evaluate and test the newest Acrobat release and determine whether it’s able to be installed on your network.
But what happens if they find a conflict with another program your firm uses that requires an older version of Acrobat? What if you work for a larger firm or corporation whose IT department is understaffed and the upgrade processes is delayed? What if you work for a corporation that’s so large these upgrade rollouts require significant planning and trial runs?
We typically see clients that are still using Acrobat versions 7 or 8, despite Acrobat Reader being a free program (the same cannot be said for Acrobat Professional). If you were to modify the Google search above and search for exploits specific to these versions you’ll find significantly more, as Adobe typically patches the problems it’s aware of as it’s developing new versions of their software. With these exploits available to hackers (or more accurately, “crackers”) all over the world, how are you sure your client’s data is safe on your network?
If updating your software as security releases are announced isn’t an option, we suggest using a combination of a document hosting platform and file viewers for your reviews. The E-Discovery space is full of hosted document review options, and New Jersey Legal has put its support behind iCONECT.
iCONECT allows you to review documents one-by-one, using their two built-in file viewers to quickly and safely review your documents, while allowing you to run detailed searches to make more efficient use of your review time. These viewers are found to be significantly faster than downloading and opening these files from the platform, as the files themselves are never transmitted to your workstation. This has the added benefit of keeping infected files off of your network and away from your computer.
If you would like to learn more about New Jersey Legal’s iCONECT document hosting platform, including its advanced search options, secure file viewers, folder organization and time-saving document coding; please contact New Jersey Legal’s E-Discovery department at (856) 910-0202 or ediscovery@njlc.net.
Related posts:
- Searchable PDFs and TIFFs with OCR text
Almost all cases now contain some form of electronic data. Even if most of your case involves paper documents, the paper is scanned and the document productions are actually electronic......
