Security warnings when a PDF opens

You sometimes see a warning when you open a PDF. The warning comes in many forms (three are shown below).

The warning is asking whether you trust the people who sent you the PDF or the site in which the PDF is displayed. The warning appears because the PDF content can potentially harm your computer. For example, the warning is displayed for PDFs that can transfer or run programs and macros. It does not necessarily mean that the PDF is harmful.

What is the right action to take?

Some product features assign trust through their own Preferences panel. For example, the Trust Manager includes for managing URL access, and Multimedia Trust (Legacy) has options for playing embedded multimedia. For features affected when enhanced security is enabled, you can selectively allow restricted actions by using a method described in Bypass enhanced security restrictions.

If you know and trust the sender

If you trust the PDF or the company or individual who sent it, click the Options, Allow, or Play button. (The buttons vary depending on the warning.) You can now view the PDF.

If you don’t know or trust the sender

If you don't trust the PDF or don't know who created it or where it came from, don't click the Options, Allow, or Play button. Acrobat and Adobe Acrobat Reader continues to block the suspicious content or actions. To hide the warning, click the Close or Cancel button. If you click any of the blocked content, the warning reappears.

No Options, Allow, or Play button?

If the warning does not contain an Options, Allow, or Play button, your administrator has disabled this feature. You cannot choose to trust or allow this content. Click the Close or Cancel button to hide the warning. You can view the PDF, but you cannot access any of the blocked content. Contact your administrator for more information.

When are security warnings displayed?

Security warnings can be displayed in the following situations:

Blacklisted JavaScript

JavaScript is a computer language in widespread use. JavaScript code can be vulnerable to attacks, and JavaScript can be used to open websites. Adobe regularly updates the blacklist with known JavaScript vulnerabilities. If a PDF tries to access blacklisted JavaScript, you see a message in the yellow document bar, at the top.

For administrators:

• For instructions on how to manage JavaScript execution, see the article JavaScripts in PDFs as a security risk

• For more information about the situations that trigger JavaScript warnings and blacklisted JavaScript, see www.adobe.com/go/acroappsecurity.

Security settings updates

Adobe periodically distributes certificates for security purposes. These downloads help ensure that digitally signed PDFs from trusted sources maintain their trusted status. If you receive an update from an unknown source, verify that it is from a web address that you trust before proceeding. Updates from untrusted websites can create vulnerabilities on your computer.

Accessing stream objects (XObjects)

Acrobat and Reader display a warning when a PDF attempts to access external content identified as a stream object. For example, a URL might point to an external image. The silent transmission of data can pose a security risk as Acrobat and Reader communicate with an external source.

Inserting data into PDFs and forms

A warning appears when an untrusted source attempts to add data to a PDF form. Although this data-injection feature can streamline workflows in your organization, it can also be used to add malicious data into a PDF.

Silent printing

Silent printing is printing to a file or printer without your confirmation. It is a potential security risk because a malicious file can silently print multiple times to your printer, wasting printer resources. It can also prevent other documents from printing by keeping the printer busy.

Contact your system administrator to determine when to allow silent printing.

Web links

In addition to visible web links in a PDF document, form fields can contain hidden JavaScript that open a page in a browser or silently request data from the Internet.