PTA Issues Cyber Alert Against Security Flaw in Adobe Acrobat and Reader

The Pakistan Telecommunication Authority (PTA) has issued a Cyber Security Advisory concerning a vulnerability in Adobe Acrobat and Adobe Reader. The advisory highlights a significant security flaw identified as CVE-2024-30304.

This vulnerability, classified as a “use-after-free” error, poses a severe risk as it can enable remote attackers to execute arbitrary code on affected systems. According to the advisory, exploitation occurs when a victim is tricked into opening a specially crafted document, potentially leading to system compromise or application crashes.

PTA has urged users to refer to the official Adobe Security Advisory for necessary patches, upgrades, or workarounds to address this vulnerability. The PTA stressed the importance of applying these updates immediately to safeguard against potential exploitation. Additionally, users are advised to exercise caution when handling documents from unknown or untrusted sources, verifying the legitimacy of both the document and the sender before opening any files.

In its advisory, the PTA also recommended deploying and maintaining up-to-date antivirus and endpoint security solutions. These measures are crucial in detecting and blocking any malicious documents or code that might attempt to exploit the vulnerability. The PTA further emphasized the need to educate users about the risks associated with suspicious documents and encouraged prompt reporting of any unusual or suspicious activities to IT or security personnel.

The PTA suggested enabling security features like Protected View and Enhanced Security Settings in Adobe Acrobat and Adobe Reader. These features can help mitigate the impact of potential exploits. Additionally, monitoring network traffic and system logs for signs of exploitation or unusual activity was advised to detect any attempted attacks targeting this vulnerability.

PTA concluded by urging users to report any incidents to the PTA CERT through the designated portal and email. According to PTA, prompt reporting is essential for a quick response to any security threats related to this vulnerability.