Security alerts

Acrobat® and Reader® alert you when a PDF tries to complete a restricted action from an untrusted location or file. These potentially risky actions can damage your computer and data. The type of alert depends on the action and your version of Acrobat or Reader. Most alerts appear in the yellow document message bar below the toolbars. If available, the message includes user options to override the restricted action.

Security alert with user overrides

Enterprise administrators can fine-tune security settings for their Acrobat and Reader users by disabling features. In this case, user overrides are not available.

Security alert without user overrides

Some product features assign trust through their own panel, for example, the Trust Manager for URL access or Multimedia Trust (Legacy) for playing embedded multimedia. For features affected when enhanced security is enabled, you can selectively allow restricted actions by using a method described in Bypassing enhanced security restrictions.

Security alerts are displayed in the following situations.

Blacklisted JavaScript

Adobe uses a blacklist to specify vulnerable JavaScript APIs that could leave your program open to malicious attacks. Adobe modifies the blacklist via Acrobat and Reader patches whenever new vulnerable JavaScript APIs are discovered, or when vulnerabilities are fixed. Enterprise administrators can prevent additional JavaScript APIs from running in their environment.

If a PDF tries to access a blacklisted JavaScript API, a message appears in the yellow document message bar below the toolbar area. The type of message depends on your version of Acrobat or Reader, recent updates from Adobe, and any fine-tuning by enterprise administrators.

For more information about the situations that trigger JavaScript warnings, see the TechNote at http://go.adobe.com/kb/ts_cpsid_50432_en-us.

For more information about blacklisted JavaScript APIs, see the TechNote at http://go.adobe.com/kb/ts_cpsid_50431_en-us.

Security settings update

Adobe periodically distributes certificates to be used as trust anchors for signature workflows. These downloads are important to ensure that digitally signed PDFs from trusted sources maintain their trusted status. If you receive an update from an unknown source, verify that it is from a web address that you trust before proceeding. Updates from untrusted websites can create vulnerabilities on your computer.

Access to unknown or untrusted websites

An alert helps prevent PDFs from connecting to malicious websites. The alert is displayed when a PDF tries to connect to a site in these situations:

  • The site is not on your list of trusted sites in Trust Manager.

  • The PDF or the website is not listed as a privileged location in the Security (Enhanced) preferences.

Before allowing the connection, look carefully at the URL to ensure that it is an appropriate link. To find out why the PDF is trying to contact the Internet, contact your system administrator or the PDF creator.

Enhanced security warnings

With enhanced security enabled, Acrobat and Reader alert you when a document attempts any of several potentially risky actions. You can selectively allow these restricted actions by using an appropriate method from the list in Bypassing enhanced security restrictions.

Important: Acrobat and Reader 9.3 and 8.2 enable enhanced security by default. Adobe recommends that you enable enhanced security if it is not already enabled, and that you bypass restrictions only for trusted content.

Cross-domain access
Enhanced security prevents a PDF in one host domain from communicating with another domain. This action prevents a PDF from getting malicious data from an untrusted source. When a PDF attempts cross-domain access, Acrobat and Reader automatically attempt to load a policy file from that domain. If the domain of the document that is attempting to access the data is included in the policy file, then the data is automatically accessible.
Note: This action is different from displaying or browsing HTML pages, images, or other web content, which is allowed.
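
The policy-file check described above, sketched for administrators who publish or review such a file. This is an added example, not Adobe code: it assumes the policy uses Adobe's cross-domain policy XML format (`cross-domain-policy` with `allow-access-from` entries), which this page does not spell out, and the sample policies, host names and function names are constructed.

```python
import xml.etree.ElementTree as ET

# Constructed sample policies (not from the original page).
SAMPLE_POLICY = """<?xml version="1.0"?>
<cross-domain-policy>
  <allow-access-from domain="forms.example.com"/>
  <allow-access-from domain="*.partner.example"/>
</cross-domain-policy>"""

OPEN_POLICY = """<cross-domain-policy>
  <allow-access-from domain="*"/>
</cross-domain-policy>"""


def allowed_domains(policy_xml):
    """Return the domain patterns listed in allow-access-from elements."""
    root = ET.fromstring(policy_xml)
    if root.tag != "cross-domain-policy":
        raise ValueError("not a cross-domain policy file")
    return [e.get("domain").strip().lower()
            for e in root.iter("allow-access-from") if e.get("domain")]


def pattern_matches(pattern, host):
    """Compare one policy entry with the domain hosting the PDF."""
    host = host.lower().rstrip(".")
    if pattern == "*":
        return True
    if pattern.startswith("*."):
        # Assumption in this sketch: "*.x" covers subdomains of x, not x itself.
        return host.endswith(pattern[1:]) and host != pattern[1:]
    return host == pattern


def document_may_access(policy_xml, document_host):
    """True if the PDF's host domain is included in the data domain's policy."""
    return any(pattern_matches(p, document_host)
               for p in allowed_domains(policy_xml))


def audit(policy_xml):
    """List entries broad enough to deserve a second look before publishing."""
    findings = []
    for p in allowed_domains(policy_xml):
        if p == "*":
            findings.append("'*' grants access to PDFs hosted on any domain")
        elif p.startswith("*."):
            findings.append(f"'{p}' grants access to every subdomain")
    return findings
```

A policy that lists only the specific domains hosting your own PDFs keeps the cross-domain restriction meaningful; a `*` entry effectively turns it off for that data source.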

Loading or running JavaScript
Acrobat and Reader block JavaScript operations when the scripts are blacklisted or originate from an external source.

Inserting data into PDFs and forms
An alert notifies you when an untrusted source attempts to add data into a PDF form by using an FDF file, for example. Although this data-injection feature can streamline workflows in your organization, it can also be used to add malicious data into a PDF.

Silent printing
Silent printing is printing to a file or printer without any confirmation from you. It is a potential security risk because a malicious file can silently print multiple times to your printer, wasting printer resources. It can also prevent other documents from printing by keeping the printer busy.

Contact your system administrator to determine when to allow silent printing.