December 16th, 2009

Unpatched 0-day PDF Flaw Harnessed To Launch Targeted Attacks

Adobe is investigating reports of unpatched flaws in its Reader and Acrobat software packages. Zero-day bugs in Adobe Reader and Acrobat have reportedly been exploited by hackers to attack vulnerable systems in a series of limited, presumably targeted, attacks since 11 December. Adobe Reader and Acrobat 9.2 and earlier are potentially vulnerable. Successful exploitation gives hackers a means to inject hostile code into vulnerable systems, security notification firm Secunia warns.

Adobe has posted a holding statement on its security blog, saying that it is investigating the flaw. It’s unclear when a patch might become available.

Shadowserver suggests disabling JavaScript as a workaround, pending the availability of a patch from Adobe.
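Because the interim workaround is to turn JavaScript off in the reader, a complementary defensive check is to flag PDFs that carry JavaScript before they reach users. The following is an added example, not code from the article, Adobe or Shadowserver; the token list, function names and sample bytes are assumptions constructed for illustration.

```python
import re

# Name tokens that indicate script or auto-run behaviour in a PDF.
# This list is an assumption of the example, not taken from the article.
SUSPECT_NAMES = ("JavaScript", "JS", "OpenAction", "AA")

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_NAME_TOKEN = re.compile(rb"/([^\s/<>\[\]\(\)\{\}%]+)")


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes, so /J#61vaScript is read as /JavaScript."""
    decoded = _HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def scan_pdf(data: bytes) -> dict:
    """Count suspect name tokens in raw PDF bytes.

    Limitation: names inside compressed object streams are not visible
    here, so /ObjStm is counted to mark files needing deeper inspection.
    """
    counts = {name: 0 for name in SUSPECT_NAMES}
    counts["ObjStm"] = 0
    for match in _NAME_TOKEN.finditer(data):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
    return counts


def needs_review(data: bytes) -> bool:
    """True when the file carries script, or could hide it in object streams."""
    c = scan_pdf(data)
    return bool(c["JavaScript"] or c["JS"] or c["ObjStm"])


# Constructed samples: minimal PDF-like byte strings, not real documents.
PLAIN = b"%PDF-1.4\n1 0 obj<</Type/Catalog/Pages 2 0 R>>endobj\n%%EOF"
SCRIPTED = (b"%PDF-1.4\n1 0 obj<</Type/Catalog/OpenAction 3 0 R>>endobj\n"
            b"3 0 obj<</S/J#61vaScript/JS(var x=1;)>>endobj\n%%EOF")

if __name__ == "__main__":
    for label, sample in (("plain", PLAIN), ("scripted", SCRIPTED)):
        print(label, needs_review(sample), scan_pdf(sample))
```

A hit means the file should be held for inspection, not that it is malicious; many legitimate forms use JavaScript.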

The latest security problem for Adobe follows last week's release of a patch for Flash and AIR addressing a previously unpatched vulnerability. Adobe is planning to publish a patch for a zero-day flaw in Illustrator on 8 January.

The popularity of Adobe software has made it a favoured target for hacking attacks over recent months. Booby-trapped PDF files have become as commonplace as browser exploits in hacking attacks. Part of the reason for this may be that applying Adobe updates is fiddlier and more time-consuming than applying Microsoft fixes or patching browser exploits. Vulnerable ActiveX components can easily get left behind during updates, for example.

Credit: The Register

P.S. Whoever still uses Adobe Reader and Acrobat deserves to be hacked. With the number of alternatives, there is no reason why Adobe products for PDF should not be uninstalled in the next 2 minutes.
