It appears that Adobe Acrobat prevents most antivirus programs (opens in a new tab) from scanning PDF files on startup, putting users at risk.

The issue was first identified by cybersecurity researchers at Minerva Labs. As reported by BleepingComputer, Minerva detected Adobe Acrobat scanning the DLLs of 30 security products to see if they are loaded in memory while active. These products also include industry heavyweights such as Bitdefender, Avast, Trend Micro, Symantec, Malwarebytes, ESET, Kaspersky, F-Secure, Sophos, and Emsisoft.

If it finds any, it will "most likely" block them, preventing any surveillance activity, according to the report.

a known issue

“Since March 2022, we have seen a gradual increase in Adobe Acrobat Reader processes attempting to request which security product DLLs are loaded there by acquiring a handful of DLLs,” explained Minerva Labs.

Bleeping Computer also found a user complaint on the Citrix forum, saying that Sophos antivirus started getting errors after installing an Adobe product, and the company suggested disabling DLL injection for Acrobat and Reader.

"We are aware of reports that certain security tool DLLs are incompatible with the use of CEF by Adobe Acrobat, a Chromium-based engine with a restricted sandbox design, and may cause stability issues," Adobe wrote in response. to complaints.

At the moment, it's working on a fix to "ensure proper functionality with Acrobat's CEF sandbox design in the future."

According to Minerva Labs, between compatibility issues and disabling antivirus solutions, Adobe chose the latter, exposing its users to a real risk of malware (opens in a new tab), ransomware (opens in a new tab) and other villains on the prowl. in the depths of the Internet.

PDF files have been known to be used by threat actors in the past. Researchers recently detected a campaign using PDF files, through which malicious Word files were distributed to target devices.

Via BleepingComputer (Opens in a new tab)

Share This