© 2013 Adobe Systems, Inc. All rights reserved.

Updated Oct 14, 2014.

8   External Content Access

8.1   Internet access

Your application can inform you when a PDF file is attempting to connect to an Internet site. Opening a Web page represents a security risk because malicious content can be transferred whenever a PDF communicates with the Internet. In addition to visible links in a PDF document, form fields can contain hidden JavaScript calls that open a page in a browser or silently request data from the Internet.

8.1.1   Changes across releases

Changes across releases: URL access

Version        Change
9.0            None, but enhanced security is introduced, which restricts cross-domain communication when enabled.
9.1            None.
8.1.7 & 9.2    None.
8.2 & 9.3      Enhanced security is turned on by default. Enhanced security settings now take precedence over Trust Manager Internet access settings.

8.1.2   Configuration

For 9.2 and earlier, this feature overrides enhanced security settings for files and folders. With 9.3, enhanced security settings take precedence. For example, with enhanced security enabled, files and folders can be trusted as privileged locations and access will be granted even if Trust Manager is set to “Block all.” Also, cross domain access always requires specifically trusting those domains as a privileged location in the Enhanced Security panel–simply trusting those sites in the Trust Manager will not work.

[Figure: Internet access panel]

To control web site access behavior:

  1. Choose Preferences > Trust Manager.
  2. Choose Change Settings in the Internet Access... panel.
  3. Choose whether to allow, block, or create custom settings for PDF access to web sites.
  4. Choose OK.

[Figure: Manage Internet Access dialog]

If you choose the custom settings option, the Web Sites panel becomes active and you can enter unique URLs. URLs must begin with www and end with a valid suffix. The Acrobat family of products maintains a white and black list of URLs called the Trust List. Users can specify whether or not URL access is allowed on a global or per-URL basis.

[Figure: Manage Internet Access dialog (Web Sites panel)]

For URLs that aren’t explicitly trusted or blocked (they are not on the white or black list), a warning appears whenever a document tries to access the Internet. When you check Remember my action for this site, the site is added to your URL white or black list.

[Figure: Blocked URL alert]

[Figure: External connection warning]

8.2   Multimedia (legacy)

Multimedia poses a security risk because it could potentially change the document’s appearance or present security holes through multimedia players. There are two types of multimedia, and application behavior varies with each type:

  • Legacy multimedia: Any multimedia content that uses third-party multimedia plug-ins for playing content is legacy multimedia. The Yellow Message Bar appears when legacy multimedia plays.
  • Default supported multimedia: Any multimedia content that uses Authplay.dll for playing content is defined as non-legacy multimedia. Files such as .flv and H.264-encoded files play by default. The Yellow Message Bar doesn’t appear in the presence of these media types.

Changes across releases: Multimedia support

Version          Change
8.2 & 9.3        • Legacy multimedia support is disabled by default. For media types other than Flash, support must be manually enabled.
                 • A non-intrusive Yellow Message Bar (YMB) that doesn’t block workflows replaces many of the modal dialogs. Depending on how the client is configured, the YMB appears at the top of the document and offers the user the choice to trust the document “once” or “always.”
9.5 & 10.1.2     Multimedia trust is integrated into the Trust Manager framework and the following changes have been made:
                 • The following UI items are removed from Preferences > Multimedia Trust (Legacy): Clear your list of trusted documents AND Display permissions for ( ) Trusted documents ( ) Other documents.
                 • Legacy multimedia trust (trust for media types that use a player other than the product’s) is now stored as a privileged location at cMultiMedia rather than in TMDocs.sav. The Trusted Documents list is no longer used.
11.0             The product no longer uses an embedded Flash player. Instead, the product leverages the user’s system player, such as the Flash Player plug-in for browsers that use the Netscape plug-in API (Firefox and Safari). It is therefore subject to the browser’s security restrictions and limitations. For example, Flash local connections and FileReference are not allowed.

8.2.1   Configuration

To configure multimedia preferences:

  1. Choose Preferences > Multimedia Trust (legacy).
  2. (Removed with 9.5 and 10.1.2): From the Display Permissions for radio buttons, choose Trusted documents or Non-trusted documents. The Trust Manager displays the selected trust preferences.

Note

Beginning with 9.5 and 10.1.2, trust for legacy multimedia formats is stored in cMultiMedia. Prior versions stored information about trusted and untrusted documents for legacy multimedia types in a file called TMDocs.sav.

  3. Configure the Trust Options panel:

    1. Check or uncheck Allow multimedia operations.

    2. Set multimedia player permissions: select the player in the list, then choose an option from the Change permission for selected multimedia player to drop-down list:

      • Always: The player is used without prompting.
      • Never: Prevents the player from being used.
      • Prompt: Prompts the user to enable the player when a media clip tries to use that player.

    3. Select one or more of the playback options:

      • Allow playback in floating window with no title bars: Opens the media in a separate window without a title bar.
      • Allow document to set title text in a floating-playback window: Opens the media in a separate window with a title bar.
      • Allow playback in full-screen window: Opens the media in full-screen mode.

  4. Choose OK.

Note

Membership on the trusted document list is permanent until the list is manually cleared. Choose Clear to remove all documents from that list.

8.2.2   Trusted overrides

There are several ways to assign trust so that this feature works in a trusted context:

  • For older product versions, add files to the trusted and untrusted documents lists via modal dialogs as described below.
  • With 8.2 & 9.3 and later, users can trust documents on-the-fly when the PDF opens: When the Yellow Message Bar appears, choose the Options button and then trust the document once or always.
  • Configure certificate trust as described in 9.4 Per-certificate trust.
  • With 9.5 & 10.1.2 and later, create a privileged location via the UI for the file, folder, or host.
  • With 9.5 & 10.1.2 and later, create a privileged location via the registry/plist by placing a tID at:
    [HKCU\Software\Adobe\<product name>\<version>\TrustManager\<cTrustedSites or TrustedFolders>\]
    "cMultiMedia"

[Figure: Certificate trust settings]

8.2.3   Historical notes

8.2.3.1   Pre-10.1-9.5 behavior

Trust is stored in TMDocs.sav. Once a document is trusted, it is added to the Trusted Document list and will always use the preferences set for trusted documents. You can clear this list by selecting Clear in the Multimedia Trust panel.

Note

Membership on the trusted document list is permanent until the list is manually cleared. Therefore, once a document is on that list, changing the certificate trust level to disallowing dynamic content will have no effect.

[Figure: Multimedia behavior workflow]

8.2.3.2   9.3-8.2 & later

For 9.3 and 8.2, modal dialogs have been replaced by a Yellow Message Bar. The options button allows users to trust once or always. Choosing Always adds the item to the already existing Trusted Documents list.

Note

For versions 8.2-9.3 to 9.4.7-10.1.1, this feature does not interact with enhanced security and the Trusted Documents list is not the same as the privileged locations list. Trust is stored in a file called TMDocs.sav.

[Figure: 9.3-8.2 & later: Multimedia user trust assignment locked]

[Figure: 9.3-8.2 & later: Multimedia user trust assignment not locked]

8.2.3.3   Up to 9.2-8.1.7

These product versions displayed the dialog below rather than the YMB.

[Figure: 9.2-8.1.7 and earlier: Manage Trust for Multimedia Content dialog]

8.3   XObjects

Changes across releases: XObject (external stream) access

Version        Change
pre 9.2        External streams can be managed through preferences in the user interface.
8.1.7 & 9.2    External streams can be blocked by enabling enhanced security.

The application can inform you when a PDF file tries to access external content identified as a stream object by flags defined in the PDF Reference. For example, a URL might point to an image external to the document. Only PDF developers create PDF files with such streams, so you may not need to enable access to external content. This feature interacts with enhanced security as shown below:

XObjects and enhanced security

XObject setting   Enhanced Security                  Behavior
Never             On                                 No XObject access; proxy displays, if any.
Never             Off                                No XObject access; proxy displays, if any.
Always            On (with privileged location set)  XObject displays.
Always            Off                                No XObject access; proxy displays, if any.

To configure external content access:

  1. Choose Preferences > Page Display.

  2. Configure the Reference XObjects View Mode panel. Set Show reference XObject targets to:

    • Always
    • Never
    • Only PDF/X-5 compliant ones
  3. Set the location of referenced files (if any).

  4. Choose OK.

[Figure: Resource access]

8.4   3D content (9.5.1 and later)

9.x products change the default 3D behavior with 9.5.1 because the dynamic nature of 3D makes it a potential target for security vulnerabilities. Several changes have been implemented:

  • 3D is disabled by default.

  • The user interface has a new checkbox at Preferences > 3D and Multimedia > Enable 3D Content.

  • 3D content has been integrated into the Trust Framework so that it’s possible to display 3D content for trusted content even when 3D is disabled. The feature allows you to:

    • Disable or enable 3D content.

    • Trust files, folders, and hosts as privileged locations via Preferences > Security (Enhanced) > Privileged Locations panel so that when a PDF with 3D content opens:

      • If it is trusted, the 3D content renders.
      • If it is not trusted, a Yellow Message Bar appears which says “Some features have been disabled due to potential security risks. Only enable these features if you trust this document.”
      • Options button provides the Trust Once and Trust Always options.
  • Enterprise IT can configure the end user settings via HKCU\Software\Adobe\<product name>\<version>\3D\bEnable3DContent.

  • Enterprise IT can disable and lock 3D rendering so that the user cannot change the setting via HKLM\SOFTWARE\Policies\Adobe\<product name>\<version>\FeatureLockDown\bEnable3D.

Note

This is a 9.5.1-only change since Protected Mode in 10.x products provides effective mitigation against 3D attack vectors.

8.5   Flash integration

Beginning with 9.5.1, Adobe Reader and Acrobat no longer include a Flash Player for displaying Flash in PDF files. Instead, rendering Flash content embedded in a PDF now requires that a Flash Player already resides on the user machine. This new strategy simplifies Acrobat and Reader deployments by reducing the number of future required updates should a security issue arise. Moreover, you can now manage and update Acrobat products and Flash individually.

If you open a PDF that requires Flash, a dialog prompts you to download and install the latest Flash player. To preinstall Flash, go here:

  • Windows: Adobe Reader and Acrobat Flash Player Download for Windows
  • Macintosh: Adobe Reader and Acrobat Flash Player Download for Mac

Note

Flash de-coupling is not available in Safari for this release. Otherwise, Acrobat 9.x products require the Flash Player browser plug-in (Safari and Firefox) version 11.2 or higher. Flash Player 11.2 stopped supporting Windows 2000 and Mac OS lower than 10.6. Therefore, users need at least Windows XP and Mac OS 10.6.x to view Flash content in a PDF.

Enterprise IT can control how Flash plays within PDFs by setting the bEnableFlash registry entry (Windows) or the EnableFlash plist entry (Mac). When set to 0, Flash only plays if the PDF is in a trusted privileged location. The paths are as follows:

  • 32- and 64-bit XP: HKLM\SOFTWARE\Policies\Adobe\[Adobe Reader|Adobe Acrobat]\9.0\FeatureLockDown\bEnableFlash
  • 64-bit Windows 7: HKLM\SOFTWARE\Wow6432Node\Adobe\[Adobe Reader|Adobe Acrobat]\9.0\FeatureLockDown\bEnableFlash
  • Macintosh: Contents::MacOS::Preferences << FeatureLockdown << /EnableFlash [ /b false ] >>

Flash configuration

Setting            Behavior
bEnableFlash = 0   Flash does not play within PDFs.
bEnableFlash = 1   Default. Same as when the key is not present. Play Flash in any PDF file without restriction.

Note that this change results in two new behaviors:

  • When bEnableFlash = 0, Flash content is rendered as an empty, white box and does not play. A yellow message bar also appears at the top of the document stating that “Some features are disabled to avoid potential security risks.”
  • When bEnableFlash = 1, Flash plays if there is a system player present. If a player is not found, then the user is prompted to download the latest version.
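The two FeatureLockDown values this section and section 8.4 describe (bEnableFlash and bEnable3D) are the ones an administrator most often needs to audit or enforce. The following PowerShell script is an added example and is not part of the Adobe guide or any Adobe tool. It reads both values from the policy key and, on request, sets them to 0. It assumes the product name and version as deployed on the machine (the defaults, 'Adobe Reader' and '9.0', are assumptions), uses the 32-bit and 64-bit key paths exactly as the guide lists them for bEnableFlash, and assumes bEnable3D lives under the same FeatureLockDown key on 64-bit Windows as bEnableFlash does.

```powershell
# Added example (not from the Adobe guide): audit and optionally lock the
# FeatureLockDown values the guide documents for Flash (bEnableFlash, 8.5)
# and 3D (bEnable3D, 8.4) in Acrobat/Reader 9.x.

function Get-AcrobatLockdownKey {
    param(
        [ValidateSet('Adobe Reader', 'Adobe Acrobat')][string]$Product,
        [string]$Version = '9.0'   # assumed; match the installed 9.x version
    )
    # The guide lists separate locations for 32-bit XP and 64-bit Windows 7;
    # the OS bitness check chooses between them.
    if ([Environment]::Is64BitOperatingSystem) {
        return "HKLM:\SOFTWARE\Wow6432Node\Adobe\$Product\$Version\FeatureLockDown"
    }
    return "HKLM:\SOFTWARE\Policies\Adobe\$Product\$Version\FeatureLockDown"
}

function Get-AcrobatContentLockdown {
    param([string]$Product = 'Adobe Reader', [string]$Version = '9.0')
    $key = Get-AcrobatLockdownKey -Product $Product -Version $Version
    $result = [ordered]@{ Key = $key }
    foreach ($name in 'bEnableFlash', 'bEnable3D') {
        $value = $null
        if (Test-Path $key) {
            $value = (Get-ItemProperty -Path $key -Name $name -ErrorAction SilentlyContinue).$name
        }
        # Per the guide, an absent bEnableFlash behaves like 1: Flash plays in any PDF.
        # An absent bEnable3D leaves the user's own Preferences > 3D setting in force.
        $result[$name] = if ($null -eq $value) { 'absent (not locked)' } else { $value }
    }
    [pscustomobject]$result
}

function Set-AcrobatContentLockdown {
    [CmdletBinding(SupportsShouldProcess)]
    param([string]$Product = 'Adobe Reader', [string]$Version = '9.0')
    $key = Get-AcrobatLockdownKey -Product $Product -Version $Version
    if (-not (Test-Path $key)) { New-Item -Path $key -Force | Out-Null }
    # bEnableFlash = 0: Flash plays only from a privileged location (yellow bar otherwise).
    # bEnable3D    = 0: 3D rendering is disabled and the user cannot re-enable it.
    foreach ($name in 'bEnableFlash', 'bEnable3D') {
        if ($PSCmdlet.ShouldProcess("$key\$name", 'Set DWORD to 0')) {
            New-ItemProperty -Path $key -Name $name -PropertyType DWord -Value 0 -Force | Out-Null
        }
    }
    # Read back so the caller sees the effective state after the write.
    Get-AcrobatContentLockdown -Product $Product -Version $Version
}

# Usage (run from an elevated prompt; HKLM policy keys require administrator rights):
#   Get-AcrobatContentLockdown -Product 'Adobe Reader'
#   Set-AcrobatContentLockdown -Product 'Adobe Reader' -WhatIf   # preview the writes
#   Set-AcrobatContentLockdown -Product 'Adobe Reader'
```

Running Get-AcrobatContentLockdown on a fleet (for example through a remote session) gives a quick view of which machines still have the default, unrestricted Flash behaviour; the -WhatIf switch on Set-AcrobatContentLockdown lets you confirm the key path before anything is written.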