Adobe Patches PDF Vulnerabilities Being Exploited In The Wild

The New Acunetix V12 Engine


At least! Adobe has sorted itself out and released patches for 17 critical vulnerabilities in their Reader and Acrobat applications. We reported back in January about Active Exploitation Of Unpatched PDF Vulnerabilities.

The latest slew of vulnerabilities has been actively exploited by hackers for at least the past month as detected in the wild by anti-virus companies. Many of the vulnerabilities were critical and could lead to remote code execution, especially combined with the recent flash exploits.

They had to step up as well and get the patches out fast because the code went public in June.

Adobe on Tuesday patched 17 critical vulnerabilities in Reader and Acrobat, including one that hackers have been using for nearly a month to commandeer PCs.

Another patch fixed a design flaw in the PDF format that attackers have been exploiting since April to dupe users into downloading a Trojan horse.

Adobe rushed the security update, which was originally slated to ship July 13, because exploit code went public and attacks using rigged PDF documents started showing on antivirus vendors’ reporting systems four weeks ago. The company patched Flash — hackers were tricking people into visiting malicious sites, then using the same bug to launch drive-by attacks — on June 10.

Sixteen of the 17 fixed flaws were labeled with the phrase “could lead to code execution” in Adobe’s advisory , the company’s way of saying that the bug was critical and could be used to hijack machines. Like Apple , and unlike Microsoft , Adobe doesn’t rate the severity of the vulnerabilities it patches. The seventeenth patch was also likely critical: “Arbitrary code execution has not been demonstrated, but may be possible,” the advisory read.

Looks like they’ve been having some serious problems, not just run of the mill exploits but problems with the very architecture and design of the Adobe software. Some of the biggest malware vectors for distribution last year came from Adobe Reader flaws.

And it has been happening in the wild, these flaws allowed malicious bot-net herders to peddle their wares and infect thousands of people.

Another fix addressed a design problem in the PDF document format that could be leveraged to con users into downloading malware. The bug, which was not strictly a security vulnerability, was first disclosed by Belgium researcher Didier Stevens in late March. Stevens demonstrated how a multi-stage attack using the PDF specification’s “/Launch” function could successfully exploit a fully-patched copy of Adobe Reader. Stevens also showed how a Reader warning could be changed to further fool users.

Hackers have been using Stevens’ technique in mass attacks to infect Windows PCs with bot Trojans.

With the updates to versions 9.3.3 and 8.2.3, Adobe changed Reader and Acrobat so that the /Launch function was disabled by default — in earlier editions it had been turned on — and fixed the bug in the warning dialog so hackers couldn’t modify it. “Today’s update includes changes to resolve the misuse of this command,” said Steve Gottwals, an Adobe group product manager, on a company blog . “We added functionality to block any attempts to launch an executable or other harmful objects by default. We also altered the way the existing warning dialog works to thwart the known social engineering attacks.”

Stevens confirmed the fixes in a post to his blog Tuesday. “Not only is the dialog box fixed, but the /Launch action is also disabled by default,” he said.

Five of the 17 bugs Adobe patched Tuesday were reported by Tavis Ormandy, the Google security engineer who was at the center of a brouhaha earlier this month after he publicly disclosed a vulnerability in Windows when Microsoft wouldn’t commit to a patching deadline.

Thankfully they’ve disabled the /Launch function by default now and fixed other bugs which were classified as critical. Incidentally 5 of the 17 bugs were reported by Tavis Ormandy the Google engineer.

That guy has quite a record for uncovering software based vulnerabilities.

Source: Network World

Posted in: Exploits/Vulnerabilities, Hacking News

, , , , , , , , ,


Latest Posts:


Acunetix Vulnerability Scanner For Linux Now Available Acunetix Vulnerability Scanner For Linux Now Available
Acunetix Vulnerability Scanner For Linux is now available, now you get all of the functionality of Acunetix, with all of the dependability of Linux.
Gerix WiFi Cracker - Wireless 802.11 Hacking Tool With GUI Gerix WiFi Cracker – Wireless 802.11 Hacking Tool With GUI
Gerix WiFi cracker is an easy to use Wireless 802.11 Hacking Tool with a GUI, it was originally made to run on BackTrack and this version has been updated for Kali (2018.1).
Malcom - Malware Communication Analyzer Malcom – Malware Communication Analyzer
Malcom is a Malware Communication Analyzer designed to analyze a system's network communication using graphical representations of network traffic.
WepAttack - WLAN 802.11 WEP Key Hacking Tool WepAttack – WLAN 802.11 WEP Key Hacking Tool
WepAttack is a WLAN open source Linux WEP key hacking tool for breaking 802.11 WEP keys using a wordlist based dictionary attack.
Eraser - Windows Secure Erase Hard Drive Wiper Eraser – Windows Secure Erase Hard Drive Wiper
Eraser is a hard drive wiper for Windows which allows you to run a secure erase and completely remove sensitive data from your hard drive by overwriting it several times with carefully selected patterns.
Insecure software versions are a problem Web Security Stats Show XSS & Outdated Software Are Major Problems
Netsparker just published some anonymized Web Security Stats about the security vulnerabilities their online solution identified on their users’ web applications and web services during the last 3 years.


One Response to Adobe Patches PDF Vulnerabilities Being Exploited In The Wild

  1. NNM July 5, 2010 at 12:12 pm #

    I have another fix for the pdf security issues:
    control panel –> uninstall anything that contains the word “adobe”.
    Highly recommended…