In April a new attack emerged that hid malware in a PDF and used a design flaw in the PDF format to infect computers along with social engineering tactics to get users to open the bad PDF. It exploited the /Launch feature of PDFs to run malware embedded in the PDF and in addition it was reported that methods were found to change the warning text in the reader to trick users into allowing it to run. Users of Adobe Reader, Foxit, and other readers were vulnerable to the attack.

Computer World now announces that Foxit Software has released an update to version 3.3 of their Foxit Reader on May 4 that helps block the PDF exploits. Foxit Reader is a free PDF reader that competes with Adobe Reader. The update adds a safe mode, called the Trust Manager, that is enabled by default. The Trust Manager blocks external commands that may be embedded in a PDF. In the Foxit 3.3 release announcement it says,

This is a follow-up security improvement to the Foxit Reader release on April 2nd, 2010. Earlier this month, Foxit Reader adopted a warning message before running any executable command embedded in a PDF document. Version 3.3 adds a second level of security by giving the user an option for disabling all external commands. The new Trust Manager allows users to select a safe mode operation, once selected; no external commands will be executed by the Foxit Reader.

The Trust Manager does not disable all JavaScript which is frequently used to exploit vulnerabilities but it is partially disabled. Specifically one of the JavaScript functions disabled is the ability of PDF files to execute non-PDF files. It is possible for the user to easily disable/enable Trust Manager.

Adobe so far hasn’t said that they will put out an update to Adobe Reader to counter this exploit, Foxit Reader is the only one to take action against this problem so far. Adobe does say that one solution that users can take is to disable the /Launch feature in Adobe Reader which is turned on by default.