Adobe bypasses antivirus software


Security researchers have discovered that Adobe Acrobat blocks antivirus software to check opened PDF files, creating a security threat to the user. The Adobe product checks the presence of 30 DLL libraries of antivirus programs in its processes and blocks them, making it impossible to track malicious activity.

“Since March 2022, there has been a surge in Adobe Acrobat Reader processes, which by obtaining DLL descriptors request which antivirus DLL libraries are loaded into the file Adobe», — said the Minerva Labs researchers .

Adobe requests DLL libraries from well-known vendors, including:

  • Bitdefender ;
  • Avast ;
  • Trend Micro ;
  • Symantec ;
  • Malwarebytes ;
  • ESET ;
  • Kaspersky ;
  • F-Secure ;
  • Sophos ;
  • Emsisoft .

Requests to the system are made using libcef.dll, Chromium Embedded Framework (CEF) Dynamic Linking Libraries . In a post on the Citrix forums, a user complained about Sophos AV errors due to the installation of an Adobe product and said that the company “suggested disabling the DLL implementation for Acrobat and Reader.”

Adobe confirmed that users reported problems due to incompatibility of DLL components of antivirus software using the Adobe Acrobat CEF library. “We are aware of reports that some DLL libraries are incompatible with using Adobe Acrobat CEF and may cause stability problems”,— Adobe said.

Adobe is working with antivirus software vendors to solve the problem and “ensuring proper Acrobat CEF functionality in the future”. According to Minerva Labs researchers, Adobe solved the compatibility problem, but created a real risk of attack by not allowing antivirus software to protect the system.

Start a discussion …