Security News > 2022 > June > Adobe Acrobat may block antivirus tools from monitoring PDF files

Adobe Acrobat may block antivirus tools from monitoring PDF files
2022-06-21 18:44

Security researchers found that Adobe Acrobat is trying to block security software from having visibility into the PDF files it opens, creating a security risk for the users.

"Since March of 2022 we've seen a gradual uptick in Adobe Acrobat Reader processes attempting to query which security product DLLs are loaded into it by acquiring a handle of the DLL" - Minerva Labs.

Looking closer at what happens with the DLLs injected into Adobe processes, Minerva Labs found that Adobe checks if the bBlockDllInjection value under the registry key 'SOFTWAREAdobeAdobe AcrobatDCDLLInjection' is set to 1.

"In a post on Citrix forums on March 28, a user complaining about Sophos AV errors due to having an Adobe product installed said that the company"suggested to disable DLL-injection for Acrobat and Reader.

Replying to BleepingComputer, Adobe confirmed that users have reported experiencing issue due to DLL components from some security products being incompatible with Adobe Acrobat's usage of the CEF library.

"We are aware of reports that some DLLs from security tools are incompatible with Adobe Acrobat's usage of CEF, a Chromium based engine with a restricted sandbox design, and may cause stability issues" - Adobe.


News URL

https://www.bleepingcomputer.com/news/security/adobe-acrobat-may-block-antivirus-tools-from-monitoring-pdf-files/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Adobe 166 68 2143 934 2114 5259