Security researchers suspect Adobe Acrobat of blocking antivirus software when opening PDFs. This means that most antivirus tools have no way of recognizing malware in PDFs opened by Acrobat.

The issue was found by security company Minerva Labs. Its report shows that Adobe Acrobat scans users’ devices for more than 30 antivirus tools, including Bitdefender, Avast, Trend Micro and ESET. According to the researchers, Acrobat tries to block the programs found. As a result, some antivirus tools cannot access PDFs opened by Acrobat. Malware in PDFs goes by unnoticed.

Technicalities

Antivirus tools inject DLL files into users’ applications. The DLL files offer a glimpse into the app. If the antivirus tool cannot inject DLL files, the tool is blind to threats. Adobe checks whether antivirus tools inject DLL files in Acrobat. Although Minerva Labs cannot rule out what happens next, the researchers say it’s highly likely that Adobe blocks the tool.

One of the files used is called ‘dBlockDllInjection‘, which substantiates the claim. Moreover, Adobe has a motive. The organization told Minerva Labs that the combination of Acrobat and antivirus software “can cause stability problems”. According to the researchers, Adobe blocks antivirus software in order to improve stability.

Security over stability

Adobe told Minerva Labs that it’s working with several antivirus vendors to resolve stability issues. The security company is dissatisfied with the response. Minerva Labs believes that Adobe should prioritize security. Stability is not a valid reason for blocking antivirus programs, say the researchers.

Tip: Deep Instinct uses deep learning for proactive endpoint security