Adobe PDF Plugin Security

Adobe PDF Security Plugins & Reader Plug-in Vulnerabilities

Protect IP

Protect PDF documents regardless of location:

Stop unauthorized access
Stop sharing and distribution
No useless & insecure passwords or plug-ins

Restrict Use

Set Expiry

Revoke Access

Watermark

Log Use

Comply Law

Benefits

PDF Plug-in Vulnerabilities & Acrobat Reader Security

Plug-ins are dangerous. If you rely on plug-ins for your PDF security, then you should be aware their security may not like up to what some manufacturers claim.

“Because of the plug-in architecture of Acrobat and PDF readers, it makes PDF a less-secure platform for DRM” – ElcomSoft CEO Vladimir Katalov.

While PDF security plugins may seem convenient, they require admin rights to install and can put your protected PDF documents at risk.

Plugins can be overruled
A plugin from one manufacturer can stop a plugin from another manufacturer from:
- working correctly
- working at all
- or change what controls it enforces
Plugins can put your system at risk
Some document security providers that use plugins for Adobe Acrobat and other PDF readers require you to turn off security in those applications for their plugins to work.
This puts both the application and your system at greater risk of malware attack.
An example of this is Fileopen Systems, where its FAQ recommends disabling security if the PDF ‘security’ plugin will load.
Plugins can be easily broken
Plugins may suddenly stop working when there is:
- an update to the application it plugs into
- an update to another plugin within the application
If you think about all the different operating systems and versions of Acrobat that must be supported (a plugin may work in one version but not another) you can see how the situation quickly gets out of control.
Anyone can write a plugin for Acrobat
- Anyone can write a plugin for Adobe Acrobat Standard or Professional without obtaining an IKLA (Integration Key License Agreement).
- If a company has an IKLA with Adobe Systems, it does not mean that their product is certified as fit for purpose, is secure, or will not create weaknesses in the system.
- Plugin writers can forge signatures so that their plugins run in certified mode where they are given special privileges which can harm the system.
Plugins need Admin rights to install
Companies selling plugin solutions will claim they are easier for users to install. This is not true.
- They require the same Administrator rights as installing any other software.
- They are often more complex to install since they can clash with other plugins already installed – this can cause them to fail to install, or install incorrectly (i.e. they won’t work at all or as expected).
Unlike application software, plugins can create a gateway for other applications or malware to enter, decreasing the overall security of the application they are plugged into.

Adobe Plug-ins and PDF Plugin Security issues

Are plugins safe?

In the PDF world, it is commonplace to use plugins to provide extra functionality and features. But they are known to also create security holes. The highly respected CERT organization reported the following in respect of the Adobe system:

“Be careful not to install untrusted software, including non-certified Adobe plugins (those not signed and deployed by Adobe), unless certain of the origin and integrity of such software. Unverified non-certified plugins can be removed from the plug-ins directory, and they will no longer load at startup.”

However, it is also openly admitted that ‘legitimate’ plug-ins may compromize the security of a system:

“Developers can freely write plug-ins for Adobe Acrobat. An Adobe Reader plugin requires a license agreement and an enabling key from Adobe as part of the Adobe Reader Integration Key License Agreement (IKLA). The purpose of the Reader enabling plugin architecture and IKLA is for licensing only and does not imply suitability or endorsement by Adobe of third-party plugins. The Certified Mode of both Adobe Acrobat and Adobe Reader is used to provide added assurances that only plugins provided by Adobe are compatible. All third-party plugins are restricted to non-certified mode.”

So what does this all mean?

A company may have an IKLA with Adobe Systems, but that does not mean that their product is certified as fit for purpose and is not vulnerable to weaknesses in the system or does not create weaknesses in the system.
If you examine the licensing system in force at the date of this article, anyone can write a plugin for Acrobat Standard or Professional without obtaining an IKLA. That means any third party can write a perfectly valid and appropriate plug-in that extracts text from an open PDF document without it having been deliberately designed to break any security systems. Unfortunately, by its very nature, it does just that. There are many legitimate plug-ins on the market today that have this capability which are not hacking tools and were not developed for that purpose.

We respect the advice given by CERT, but note that if an attacker permits the loading of unverified non-certified plugins (which happens by default in all versions of Acrobat unless you specifically check a box to say otherwise) they may introduce vulnerabilities. Of course, one must assume that this is precisely what any attacker would do.

Normal users familiar with their desktop plugins can hardly be criticized for using non-certified plugins. You can hardly expect them to understand any of these arcane technical issues, still less comply with them.

Adobe PDF plugins and certified mode “protection”

There are many Adobe Reader and Acrobat plug-ins that can load (by design) only in certified mode. One example is all documents protected with “Adobe DRM” security handler (so-called eBooks).

Certified mode assures that all other plugins, loaded with those ones, have been also certified by Adobe. However, with this vulnerability, a plugin with a forged signature can perform virtually everything, including but not limited to:

removing or modifying any restrictions(from copying text to Clipboard, printing etc) from the documents loaded into Adobe Reader or Acrobat
remove any DRM (Digital Rights Management) schemes from PDF documents, regardless of the encryption handler used – WebBuy, InterTrust DocBox, Adobe DRM (EBX) etc.
modify or remove digital signatures used within a PDF document
affect any/all other aspects of a document’s confidentiality, integrity, and authenticity.

Still think plugins are safe?

Don’t just take our word for it, if you think plugins can’t compromise your security then read what Byran Guignard, an Adobe Certified expert, has to say.

If you cannot rely on a PDF security plugin working as expected (not conflicting or circumvented by other plugins) and failing to operate when Acrobat is frequently updated, then the plugin is effectively useless.

The following white paper, Plug-ins – a source of insecurity, examines and questions the claims often made by plugin suppliers that they are secure, giving published examples of where they are not. It demonstrates why you should not purchase a document security solution that relies on plugins.

Why and how plug-ins can compromize security

What are PDF plugins?

Many software product manufacturers provide customers access into their products and Adobe is no different. There are many reasons to do this, including to:

allow for local customization
allow extra facilities to be added (annotations, conversion, templates, etc.)
support features not provided by the manufacturer

Sometimes these points of access are called APIs, and sometimes they are called plug-ins. What do they do?

Well, they allow outsiders a degree of access to what is happening inside a manufacturer’s product by making information available, such as where some data is stored and how to manipulate that data. They expose the internal workings of the manufacturer’s product to the outsider. They tell the outsider where data is found and how to interpret it.

Are plugins secure – and what do we mean by secure?

Ideally, a plug-in should be secure by virtue of its own design, adding it to an existing application would not add a new weakness, and the plug-in would not conflict with any other plug-ins used in the same application.

However, it seems that plug-ins sometimes conflict with each other. The first thing you are told if there is an issue with an application is to disable all plugins. And if you do a Google search, you will find companies selling plug-in conflict detection tools, so the problem is a genuine hazard.

Unfortunately, plugins, like any other computer program, may also contain errors that need to be corrected. So, the solution is to update. But of course, everyone has to implement the update, and we know just how difficult that is to achieve.

And finally, it can be strange to consider that IT departments install plugins without any knowledge of what impact they may have. A plug-in, for example, obtains the rights of the application it is plugged into, which may be very considerable indeed.

Plug-ins are clearly not a guarantee of security, and, if used at all, should be used with great care and caution. It seems that, “One man’s meat is another man’s poison”.

Can plugins be made secure?

Plug-ins could be made secure, in the sense that by cryptography (digital signatures) the manufacturer can verify that plug-ins have been digitally signed before allowing the plug-in code to run (provided that the manufacturer evaluates and certifies all plug-in code before signing it so that every user may be certain that there can be no compromise to the application).

But only the manufacturer can do that – nobody else. And anyway, what would that mean? Are we to assume that the manufacturer has the technical ability to certify the security and quality of every plug-in that is digitally signed? Who is going to pay for that? It would create an immensely complex administration system, not to mention always having to have the manufacturer’s product being fully up to date.

Of course, this puts an enormous responsibility on the manufacturer to exercise high levels of due diligence if that strong control is to be exercised. If that strong control is not exercised, then in reality the providers of plug-ins have a free-for-all. Since they cannot know if they are the only plug-in running, and the nature and intent of any other plug-ins running at the same time as them, they cannot police the situation for themselves. In fact, just as they may expose the manufacturer’s system, they may also expose each other’s actions.

So let us say that a security plug-in is installed in a system. How will it protect itself against other plug-ins, or the manufacturer? What will be its approach to verifying the environment it finds itself in? Some security vendors providing plug-ins to inter-operate with other products have been unlucky, such as the PGP Outlook plug-in vulnerability reported at The Register where a security plug in weakness could compromize the system.

Clearly, placing blind trust in the manufacturer and all of their plug-in providers is a non-starter is folly. Security plugins are built on a foundation of sand. Any “security” they provide could collapse at any moment.

Why Locklizard for PDF Protection?

Locklizard PDF Security – Total PDF DRM Security without Plugins or Passwords

Locklizard takes your document protection seriously. We provide total PDF protection with US Gov strength AES encryption, public key technology, DRM, and licensing controls, to ensure your PDF files remain protected regardless of their location.

Our DRM PDF Security productsenable you to share documents securely without insecure passwords or plug-ins, and enforce access, location, expiry, and usage controls.
Locklizard DRM securitycannot be compromised by plug-ins. We prevent all plug-ins from being loaded in our secure Viewers so that no vulnerabilities can be introduced.
Unlike Adobe Permissions, which can be easily removed, our DRM controls persistently protect your PDF files and enable you to revoke PDFs at any time regardless of where they are.
No keys are exposed to users or interfaces and documents are only ever decrypted in memory – see our DRM technology.
No uploading of unprotected documents to the cloud where they could be easily compromised.
Our easy-to-use administration system provides simple user and document management and unlike passwords, keys are transparently and securely managed for you.

See our customer testimonials or read our case studies to see why thousands of organizations use Locklizard PDF security to securely share and sell their documents.

FAQs

Can attackers disable Adobe Acrobat plugins?

Attackers could create a plugin that interferes with the compatibility of another PDF plugin and therefore stops it from working or extracts page content from an open PDF. For example, a PDF DRM plugin may be tampered with so that a user gains access to editing controls when the document is supposed to be read-only. Or a plugin with a spoofed certificate could use the same permissions the DRM solution does to copy the text to another document.

As a result, it is important that users are not allowed to install unvetted plugins and that plugins are extensively checked for compatibility with each PDF viewer and plugin update.

What are the best Adobe Acrobat plugins?

The best Adobe Acrobat plugins are those found in the creative cloud app that are certified and provided by Adobe. However, this does not mean that third-party plugins cannot conflict with them and therefore stop them from functioning correctly. Even if Acrobat is run in “certified plugins only” mode, third-party plugins may be able to forge a certification and gain full control over the document.

The best security will therefore be found by not using Acrobat plugins at all.

Are PDF plugins for Chrome secure?

No, they do not keep documents safe. Plugins in Chrome are simply designed to allow you to read PDFs, not to add additional security. In fact, the official Acrobat PDF plugin for Chrome was found in 2017 to have a cross-site scripting vulnerability that allowed malicious sites to execute JavaScript code in the user’s browser.

How do I get an Adobe Acrobat plug-in?

Acrobat plugins can be found in the Creative Cloud app or can sometimes be downloaded directly from a plugin developer’s site. However, you must be careful when downloading from third-party sites – some plugins may be intentionally designed to steal your data or compromise your security.

In fact, given the problems with plugins outlined above, it’s best to avoid them entirely.

What is Adobe protected mode?

Adobe protected mode provides an added layer of security by sandboxing application processes. A sandbox is a confined execution environment for running untrusted programs. In protected mode, malicious PDF documents can’t launch arbitrary executable files, write to system directories or the Windows Registry.

It is therefore important that protected mode is enabled (the default). If you have to disable protected mode to get an Adobe Reader plugin to load then you should consider the security and legal implications, especially if this is a plugin you have forced users to install before they can view your PDF documents.

Customer Testimonials

We needed to deliver e-book versions of our handbooks while not compromising on security and digital rights. Safeguard PDF security is easy to use and intuitive.

The implementation was painless and we now have a greener, more secure way of distributing training manuals.
Locklizard’s PDF protection is exactly as described – the features are highly effective and I would give it 5 stars.

I would recommend Locklizard to others - their security is simple to use and fit for purpose. It meets common needs of businesses who have information they want to protect.
We would be happy to recommend Locklizard to any company needing a flexible way to secure PDF files.

Safeguard PDF Security has provided us with a very workable solution for sharing of information in a secure fashion. The support has been excellent and very accommodating.
We can cut accounts for a user five minutes before his class starts and he is ready to go. Happy smiling customer, while we still have security and personalized watermarking.

I have immense respect for the product and Locklizard provide great customer satisfaction and service.
We would recommend Safeguard to other companies for its security, cost and ease of use. It does what we expected it to do and more.

Ease of use is a bonus and the implementation was very easy. The product manual is excellent and Locklizard staff are very accommodating.
We sell a highly valued educational product in an open and competitive market so it was important to ensure we had effective security to protect our digital rights.

We highly recommend Locklizard - a professional company with a competitive and professional PDF Security product.
We would absolutely recommend both Locklizard as a company, and Safeguard PDF Security. It has transformed our study materials to the next level.

Not only did this increase sales, but we also believe that it has increased our customers’ ability to learn, which is even more important!
We would recommend Locklizard Safeguard to other companies that need to protect PDF reports. Customers have found the process of accessing the protected documents to be seamless.

Implementation was easy and technical support has been very responsive to requests for help.
Our company would without reservation recommend Locklizard. Their document DRM software opens up delivery of our new products in a timely fashion while knowing that the content will remain secure.

The return on investment to our company has been immediately evident.
We use Safeguard to make sure that documents cannot be opened outside our local network or from a unauthorized computer in order to copy or print the documents.

It is the most feature rich, affordable, & simple to use PDF security product on the market.
Safeguard PDF Security is simple to administer and meets our needs, consistently delivering secured manuals to our customers with ease.

Return on investment has been elimination of many man hours, printing resources and postage – it is estimated that costs decreased by 50% or more.
We would really recommend Safeguard PDF Security to every publishing company for managing ePubs or e-books securely. It is easy to secure PDF files and simple to distribute them to our authorized customers only.

Locklizard also provides a good customer support experience.
The ROI for us is incalculable. We have the security of knowing that our proprietary documents are secure. This is the entire value of our company.

I would most certainly recommend your PDF security product and already have. The ease of implementation was surprising.
We can now sell our manuals without the need to print them first, saving time, money and helping safeguard the environment.

We would recommend Safeguard PDF DRM – it is the perfect solution to sell and send e-documents securely whilst making sure someone cannot copy them.
We would recommend Locklizard to other companies without hesitation.

Their PDF DRM products provide a manageable, cost effective way to protect intellectual investment and they are always looking for ways to improve them. Moreover, their staff provide an excellent level of support.