
Active PDF attacks target Reader, Acrobat zero-day vulnerability

Robert Westervelt, News Editor

Adobe Systems Inc. is warning of a new zero-day vulnerability in its popular Reader and Acrobat applications that is being actively targeted by attackers in the wild.

In an advisory released late Tuesday, Adobe acknowledged reports from several security vendors that a new malicious PDF file targeting the zero-day had been discovered in some email attachments. Adobe said the remote code execution vulnerability affects Reader and Acrobat 9.2 and earlier versions.

"We are currently investigating this issue and assessing the risk to our customers," Adobe said. "We will provide an update as soon as we have more information."

Joji Hamada, a virus handler at Symantec Corp., said a source tipped off the firm to the possibility of a new PDF zero-day vulnerability. In the Symantec Connect security blog, Hamada said there are few known details about the Adobe Reader flaw.

"The PDF files we discovered arrives as an email attachment," Hamada wrote. "When the file is opened, a malicious file is dropped and run on a fully patched system with either Adobe Reader or Acrobat installed."

Security experts have warned that attackers are favoring holes in Web-facing user applications to gain entry to enterprise systems. Adobe's Reader and Acrobat applications have been highly targeted, as has Apple's QuickTime media player. Both applications offer browser plug-in functionality, making them attractive targets. Other coveted entryways have been through holes in Adobe's Flash Player plug-in, which has a huge market share.

Adobe is analyzing the malcode targeting its latest flaw and said it would release more details as they become available. Hamada urged users to be extra cautious of file attachments during the holiday season. Don't open unknown file attachments, he said.

Danish vulnerability clearinghouse Secunia issued an advisory Tuesday, giving the Adobe vulnerability an extremely critical rating. The Secunia advisory warned that the flaw was being actively exploited.

Steven Adair of The Shadowserver Foundation said in a blog post that users can disable JavaScript to provide an extra layer of protection until Adobe releases a patch. Adair and guest co-blogger Matt Richard said 5 of 41 antivirus vendors are currently detecting the threat.

Adobe Flash Player update
Last week, Adobe issued an update to Flash Player fixing seven serious vulnerabilities that could enable attackers to crash the player and take control of a victim's machine. The update repaired memory corruption errors, a data injection vulnerability and multiple crash flaws. Adobe urged users to update their Flash Player to version 10.0.42.34.