"NSA: Securing Cloud-Related PDFs Shouldn't Mean Sacrificing Usability"

The increased use of editable Portable Document Files (PDFs) has created another path for attackers, but the National Security Agency (NSA) says the right configuration can protect most systems without sacrificing usability. NSA advises users to enable security features that allow greater collaboration rather than disabling the JavaScript that supports higher functionality. NSA released guidance pointing out JavaScript as the programming language commonly used in electronic forms for recipients to fill out, sign, and return documents electronically. As the use of JavaScript in PDFs continues to grow, NSA suggests that administrators not change the default setting for Adobe Acrobat Reader DC that enables JavaScript. According to NSA, Protected Mode and the enhanced security setting can help alleviate some of the security concerns surrounding the enabling of JavaScript in PDFs. Malicious actors can plant code into PDFs that can abuse the vulnerabilities contained by PDF readers built into web browsers or applications designed for reading and creating them. Therefore, malicious PDFs continue to be an access vector to infiltrate networks. NSA's recommendations aim to help users secure their Adobe Reader and make it difficult for adversaries to get in. This article continues to discuss the NSA's recommended security configurations for Adobe Acrobat Reader DC that protect most systems without compromising functionality.

NextGov reports "NSA: Securing Cloud-Related PDFs Shouldn't Mean Sacrificing Usability"