The issue was first identified by cybersecurity researchers from Minerva Labs. As reported by BleepingComputer, Minerva spotted Adobe Acrobat scanning for DLL files from 30 security products, to see if they’re loaded into memory while it’s active. These products also include the industry’s heavy hitters, such as Bitdefender, Avast, Trend Micro, Symantec, Malwarebytes, ESET, Kaspersky, F-Secure, Sophos, and Emsisoft.
If it finds any, it “most likely” blocks them, preventing any monitoring activity, the report states.
A known issue
“Since March of 2022 we’ve seen a gradual uptick in Adobe Acrobat Reader processes attempting to query which security product DLLs are loaded into it by acquiring a handle of the DLL,” Minerva Labs explained.
Bleeping Computer also found a user complaint on the Citrix forum, saying Sophos’ Antivirus started getting errors after an Adobe product was installed, and that the company suggested disabling DLL-injection for Acrobat and Reader.
“We are aware of reports that some DLLs from security tools are incompatible with Adobe Acrobat’s usage of CEF, a Chromium based engine with a restricted sandbox design, and may cause stability issues,” wrote Adobe, in response to complaints.
At the moment, it’s working on a fix, to “ensure proper functionality with Acrobat’s CEF sandbox design going forward.”
According to Minerva Labs, between compatibility issues and disabling antivirus solutions, Adobe chose the latter, putting its users at real risk of malware (opens in new tab), ransomware (opens in new tab), and other nasties lurking in the depths of the internet.
PDF files are known to have been used by threat actors in the past. Only recently, researchers spotted a campaign that uses PDF files, through which malicious Word files were being distributed to target endpoints.