Hackers Target 0-Day Vulnerability In Adobe PDF Reader & Acrobat

Outsmart Malicious Hackers


Another flaw in the Adobe product suite! It seems like PDF is turning into a complex animal, complexity of course always brings more security issues.

It was only back in February last year when there was a bug in Adobe Reader, and almost exactly a year later another one.

This time it’s a zero-day just hit and it is being actively exploited, with the worrying statement made that the fix will come in the ‘following weeks‘.

Hackers are targeting a zero-day vulnerability affecting Adobe Reader and Acrobat with malicious PDF files. Adobe officials say a fix for the issue will be available for Adobe Reader and Adobe Acrobat in the coming weeks.

Hackers have once again turned to PDF files to spread their wares, this time assaulting a zero-day flaw affecting Adobe Reader and Acrobat.

Fortunately, the unpatched bug is on the company’s radar, and fixes for Adobe Reader 9 and Acrobat 9 are slated to be available March 11. Updates for earlier versions will come later, company officials said in an advisory.

The bug is due to an error in the parsing of certain structures in PDF files. If exploited successfully, the bug could allow a hacker to take complete control of a vulnerable system.

Ok March 11th, only about 3 weeks to get a fix for a potentially very serious problem. Allowing complete control over the system, with the majority of people still using the Administrator account to user their computers on a day-to-day basis – that’s not good.

I don’t see how patch management will help here either, the patch won’t be out until 3 weeks after the exploit has become public. With attacks being targeted initially, and becoming more wide spread I would have thought immediate patching would have been more suitable.

“In parsing a specially-crafted embedded object, a bug in the reader allowed the attacker to overwrite memory at an arbitrary location,” blogged McAfee researcher Geok Meng Ong. “The attacks, found in the field, use the infamous heap spray method via JavaScript to achieve control of code execution.”

“While the distribution of this exploit thus far appears to be targeted, new variants are expected as more information is made public,” the researcher continued. “As with the Conficker experience, the lack of good patch management is a very worrying trend that deserves more attention from IT security practitioners. Adobe is expected to release a patch very soon.”

In the meantime, security researchers at the Shadowserver Foundation recommend users consider disabling JavaScript. Symantec also recommended Adobe users keep their antivirus up-to-date.

“While we continue to investigate this issue, customers are advised to follow best practices and only open email attachments from people they trust,” blogged Symantec researcher Patrick Fitzgerald. “Enabling DEP (Data Execution Prevention) for Adobe Reader will also help prevent this type of attack.”

There are some measures to can take to combat the problem, if you’re using Adobe on a corporate network you might want to think about pushing out some changes via Group Policy.

And well once again, another reason to use Foxit! PDF Reader.

Source: eWeek

Posted in: Exploits/Vulnerabilities, Malware

, , , , , ,


Latest Posts:


snallygaster - Scan For Secret Files On HTTP Servers snallygaster – Scan For Secret Files On HTTP Servers
snallygaster is a Python-based tool that can help you to scan for secret files on HTTP servers, files that are accessible that shouldn't be public and can pose a s
Portspoof - Spoof All Ports Open & Emulate Valid Services Portspoof – Spoof All Ports Open & Emulate Valid Services
The primary goal of the Portspoof program is to enhance your system security through a set of new camouflage techniques which spoof all ports open and also emulate valid services on every port.
Cambridge Analytica Facebook Data Scandal Cambridge Analytica Facebook Data Scandal
One of the biggest stories of the year so far has been the scandal surrounding Cambridge Analytica that came out after a Channel 4 expose that demonstrated the depths they are willing to go to profile voters, manipulate elections and much more.
GetAltName - Discover Sub-Domains From SSL Certificates GetAltName – Discover Sub-Domains From SSL Certificates
GetAltName it's a little script to discover sub-domains that can extract Subject Alt Names for SSL Certificates directly from HTTPS websites which can provide you with DNS names or virtual servers.
Memcrashed - Memcached DDoS Exploit Tool Memcrashed – Memcached DDoS Exploit Tool
Memcrashed is a Memcached DDoS exploit tool written in Python that allows you to send forged UDP packets to a list of Memcached servers obtained from Shodan.
QualysGuard - Vulnerability Management Tool QualysGuard – Vulnerability Management Tool
QualysGuard is a web-based vulnerability management tool provided by Qualys, Inc, which was the first company to deliver vulnerability management services as a SaaS-based web-service.


2 Responses to Hackers Target 0-Day Vulnerability In Adobe PDF Reader & Acrobat

  1. navin February 23, 2009 at 1:30 pm #

    Hehe…..nice little advert for foxit at the end there!! Anyways I shifted to it long ago…..its lighter on the system memory too!! :)

  2. dblackshell February 24, 2009 at 2:18 am #

    @navin: funny thing about foxit… I changed to foxit some time ago because I was constantly annoyed by Acrobat(s) Reader update “implementation” (it always ask for updates when I want to quickly take a look over a pdf)… first thing after installation: http://img249.imageshack.us/img249/9311/glumapp5.jpg