CyberInsecure.com

Daily cyber threats and internet security news: network security, online safety and latest security alerts
September 8th, 2010

Latest Adobe Reader Version Under 0day Attack

Researchers have uncovered sophisticated attack code circulating on the net that exploits a critical vulnerability in the most recent version of Adobe Reader.

The click-and-get-hacked exploit spreads through email that contains a booby-trapped PDF file that remains virtually undetected by most anti-virus programs, according to Mila Parkour, the security researcher who first alerted Adobe to the threat. It was being sent to a small group of individuals who “work on common issues,” he said, causing him to believe they were narrowly selected by the attackers.

Adobe on Wednesday confirmed that the vulnerability affects Reader 9.3.4 and earlier versions for Windows, Mac OS X, and Unix. The company’s security team is in the process of figuring out when it will release a patch. Adobe is working with security companies to help them develop detection and quarantine techniques to contain any attacks.

In the meantime, there are no mitigations users can take other than to exercise due care in opening PDF documents. It may also make sense to use an alternate PDF viewer such as FoxIT, but it has not yet been confirmed that other programs aren’t vulnerable.

The malicious PDF, which also exploits Adobe Acrobat, uses some highly sophisticated techniques to ensure success. It contains three separate font packages so it works on multiple versions of the Adobe programs, and it has also been designed to bypass protections such as ASLR (address space layout randomization) and DEP (data execution prevention), which are built into more recent versions of Microsoft Windows.

The exploit comes as Adobe is putting the finishing touches on a security feature that’s designed to significantly lessen the severity of attacks that exploit buffer overflows and other types of common bugs in Reader. The “sandbox” is intended to put a container around the application so that sensitive parts of the operating system can’t be accessed by rogue code. Adobe has said it will be available by the end of this year.

Active exploits are likely to become more widespread once the attack code is put into Metasploit.

Credit: The Register
