4

I found this recommendation by CISA to disable JavaScript in Acrobat Reader. Also, this article recommends disabling Flash and Multimedia, and the opening of non-PDF attachments. Both recommendations are from 2010.

What more steps would you add to harden Acrobat/Acrobat Reader in 2021?

Victor

2 Answers

5

Disabling JS is actually a very good idea. If you still want to add some extra protection I would recommend:

  • Set the security options to the highest level. Acrobat Reader implements a sandbox mode, which is called Protected mode and is usually enabled by default. You can also enhance it using the Protected View:

https://helpx.adobe.com/reader/11/using/protected-mode-windows.html

  • Use an up-to-date version of Acrobat Reader to avoid n-days and vulnerabilities which could undermine the security of the product
borcho
  • 2
    Genuine question: Is being up-to-date relevant with 0-day vulnerabilities? I do, of course, agree that being up-to-date is crucial. I was just under the impression that 0-days refer to undiscovered vulnerabilities, that aren't patched. –  Apr 13 '21 at 03:50
  • That is absolutely correct. It does make sense to speak about 1-days or n-days but not 0-days! Thanks for your correction! – borcho Apr 13 '21 at 12:40
1

You can also enable "Sandbox Protections".

Go to Edit > Preferences > Security (Enhanced) > Sandbox protections.

"Protected View (PV)" is a highly secure, read-only mode for Windows that blocks most actions until the user decides whether or not to trust the document. It is similar to documents opened in Microsoft Office. Users get an option to simply choose if you trust the document or not.

You can configure the feature prior to deployment manually or via the Customisation Wizard. The basic setting is:

[HKEY_CURRENT_USER\Software\Adobe\(product name)\(version)\Privileged]
"bProtectedMode"=(0|1)
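
A way to check that setting across a user profile, as an added example that is not part of the original answers and is not Adobe's tooling: it walks every `(product name)\(version)\Privileged` key under `HKCU:\Software\Adobe`, reports whether `bProtectedMode` is unset, 0 or 1, and can set it to 1 for one named product. The function name, parameter names and state labels are hypothetical; the key layout is assumed to be exactly the one quoted above.

```powershell
# Added example: audit (and optionally set) bProtectedMode per Adobe product/version.
# Assumption: keys follow <Root>\<product name>\<version>\Privileged as quoted above.
function Get-AdobeProtectedModeState {
    [CmdletBinding(SupportsShouldProcess)]
    param(
        [string]$Root    = 'HKCU:\Software\Adobe',
        [string]$Product = '*',   # product key name as it appears under $Root
        [switch]$Enable           # write bProtectedMode=1 where it is unset or 0
    )
    # Refuse to write under every Adobe key: many of them are not PDF viewers.
    if ($Enable -and $Product -match '[\*\?]') {
        throw 'Use -Enable only together with an exact -Product name.'
    }
    if (-not (Test-Path $Root)) { return }

    $products = Get-ChildItem -Path $Root -ErrorAction SilentlyContinue |
        Where-Object { $_.PSChildName -like $Product }
    foreach ($p in $products) {
        foreach ($v in Get-ChildItem -Path $p.PSPath -ErrorAction SilentlyContinue) {
            $key   = "$($v.PSPath)\Privileged"
            $value = $null
            if (Test-Path $key) {
                $value = (Get-ItemProperty -Path $key -Name 'bProtectedMode' `
                          -ErrorAction SilentlyContinue).bProtectedMode
            }
            # NotSet means no explicit value exists; the product default applies.
            $state = if ($null -eq $value) { 'NotSet' }
                     elseif ($value -eq 1) { 'Enabled' }
                     else                  { 'Disabled' }

            if ($Enable -and $state -ne 'Enabled' -and
                $PSCmdlet.ShouldProcess($key, 'Set bProtectedMode=1')) {
                if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
                Set-ItemProperty -Path $key -Name 'bProtectedMode' -Value 1 -Type DWord
                $value = 1; $state = 'Enabled'
            }
            [pscustomobject]@{
                Product = $p.PSChildName; Version = $v.PSChildName
                bProtectedMode = $value;  State   = $state
            }
        }
    }
}

# Audit only: list the state for every product/version found.
Get-AdobeProtectedModeState | Format-Table -AutoSize
```

Run it with `-Product '<product name>' -Enable -WhatIf` first to see which keys would be written before changing anything.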