Securing Adobe Acrobat is a critical part of securing endpoints in your organization. Think about all of the PDF documents users download from the internet and receive via email. The risk of a user receiving a malicious PDF is relatively high. To limit the damage that malicious PDFs can do, some basic security-related configurations should be deployed throughout your environment.
“Malware authors weaponized more Adobe software vulnerabilities in 2018 than any previous year while the actual number of newly disclosed security flaws in the company’s products dropped significantly since reaching an all-time-high in 2016.”
1: Keep Adobe Acrobat Updated (Obvious but not always easy)
This is easy to accomplish on a personal PC, as is evident in these instructions. In a business it can be challenging, but it isn’t impossible, as shown in this set of instructions by Tames McTigue, where Group Policy is used to update Adobe Acrobat. Other options are also available, such as SCCM, as demonstrated here by Prajwal Desai.
2: Prevent Adobe Acrobat from opening non-PDF and FDF files
Believe it or not, by default you can open .exe, .bat, and many other potentially dangerous file types with Adobe Acrobat. To prevent this, you can follow this set of instructions from Adobe. Folks using Group Policy to manage their Adobe Acrobat deployments should navigate to the following path to prevent Acrobat from opening non-PDF and FDF files: Computer Configuration > Administrative Templates > Adobe Reader DC Continuous > Preferences > Trust Manager > ‘Allow opening of non-PDF file attachments with external applications’ and set it to ‘Disabled’.
3: Enable Protected View and Protected Mode
With Protected View enabled, Adobe Acrobat automatically opens files from untrusted sources in a sandbox, reducing their security risk. Protected Mode also provides a sandbox, preventing malicious PDF files from launching executable files and writing to parts of your system such as the registry. Individuals and IT admins can accomplish this by following this set of instructions.
4: Enable Enhanced Security Mode
Adobe Acrobat’s Enhanced Security Mode protects your computer against threats by blocking risky actions that affect trusted locations and files. Risky actions include cross-domain access, script injection, data injection, and the execution of high-privilege scripts. Instructions on enabling Enhanced Security Mode are available here.
5: Restrict Flash Content
Flash is a popular way of installing malware onto systems via the web. However, Flash can also be embedded in PDF documents, opening the door to your system being compromised. To prevent this, Flash content can be restricted by modifying the “bEnableFlash” registry key as shown here.
The above list is by no means comprehensive; however, it is a good start. We recommend that you follow the available DISA STIG (Security Technical Implementation Guide) for your version of Adobe Acrobat to help secure your Adobe Acrobat deployments. A whole library of Security Technical Implementation Guides is available at the DISA website.
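The following Python script is an added example, not part of the original article or Adobe's documentation: it checks a `reg export` of the Acrobat FeatureLockDown policy key against items 2 to 5 above and lists every deviation. Only bEnableFlash is named in the article; the other value names and expected values are assumptions taken from Adobe's preference reference and should be confirmed against the STIG for your version, and the sample export is constructed.

```python
import re

# Expected DWORD values under the FeatureLockDown policy key. Only bEnableFlash
# is named in the article; the other names are assumptions from Adobe's
# preference reference and must be confirmed against the STIG for your version.
BASELINE = {
    "bEnableFlash": 0,                 # 5: Flash content restricted
    "iFileAttachmentPerms": 1,         # 2: non-PDF/FDF attachments blocked
    "bProtectedMode": 1,               # 3: Protected Mode on
    "iProtectedView": 2,               # 3: Protected View for all files
    "bEnhancedSecurityStandalone": 1,  # 4: Enhanced Security, standalone
    "bEnhancedSecurityInBrowser": 1,   # 4: Enhanced Security, in browser
}
KEY_SUFFIX = r"\featurelockdown"

def parse_reg_export(text):
    """Return {key_path_lower: {value_name: int}} for DWORD values in a .reg export."""
    keys, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            current = keys.setdefault(line[1:-1].lower(), {})
        elif current is not None:
            m = re.fullmatch(r'"([^"]+)"=dword:([0-9a-fA-F]{1,8})', line)
            if m:
                current[m.group(1)] = int(m.group(2), 16)
    return keys

def audit(text):
    """Return sorted (value_name, expected, found) deviations; found is None if unset."""
    values = {}
    for path, vals in parse_reg_export(text).items():
        if path.endswith(KEY_SUFFIX):
            values.update(vals)
    return sorted((n, want, values.get(n)) for n, want in BASELINE.items()
                  if values.get(n) != want)

# Constructed sample: Flash left enabled, two hardening values never deployed.
SAMPLE = r'''Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Policies\Adobe\Acrobat Reader\DC\FeatureLockDown]
"bEnableFlash"=dword:00000001
"iFileAttachmentPerms"=dword:00000001
"bProtectedMode"=dword:00000001
"bEnhancedSecurityStandalone"=dword:00000001
'''

if __name__ == "__main__":
    for name, want, found in audit(SAMPLE):
        print(f"FAIL {name}: expected {want}, found {'not set' if found is None else found}")
```

Files written by `reg export` are UTF-16, so read them with `open(path, encoding="utf-16")` before passing the text to `audit`. A value that is missing from the export is reported as a deviation, since an unset policy leaves the setting under the user's control.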