Attackers target critical Adobe PDF flaw

Home
Topics
Application and Platform Security
Securing Productivity Applications
Attackers target critical Adobe PDF flaw

Article

Attackers target critical Adobe PDF flaw

SearchSecurity.com Staff

Attackers may be trying to exploit flaws in Adobe Reader by using attack code modified to evade antivirus products.

The Bethesda, Md.-based SANS Internet Storm Center (ISC) warned that malicious PDF files are exploiting the JavaScript

Requires Free Membership to View

Login

SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

Michael S. Mimoso, Editorial Director

By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

buffer overflow vulnerability in Adobe Reader. ISC handler Bojan Zdrnja wrote on the site that proof-of-concept code was published shortly after Adobe Systems Inc. released an update repairing the flaw.

"The payload is in a JavaScript object embedded in the PDF document. Once extracted, it just contains first level obfuscation with a simple eval (unescape()) call," Zdrnja said.

Adobe released an update for Adobe Reader 8 and Acrobat 8. An attacker can pass a malicious PDF file to corrupt memory and cause the programs to crash. Adobe said.

Danish vulnerability clearinghouse Secunia gave the flaws a highly critical rating. Secunia said the flaws could be used to gain escalated privileges.

Related Topics: Securing Productivity Applications, Security patch management and Windows Patch Tuesday news, VIEW ALL TAGS

Dig Deeper

People who read this also read...

Related glossary terms

Terms for Whatis.com - the technology online dictionary
- sheepdip (sheep dipping or a footbath)

Show me more

More from Related TechTarget Sites

Security Channel
Cloud Security
SMB Security
Financial Security
Security UK
Security AU
Security IN

Security Channel
- Survey results: VARs report customers’ IT spending 2012 expectations
  
  VARs expect customers to increase spending on security more than any other IT area in 2012. See which security segments will grow the most.
- Create a computer security blog to attract and retain customers
  
  Blogging can produce new leads for security solution providers. Focus on content in your computer security blog that connects with customers.
- Penetration testing tutorial: Guidance for effective pen tests
  
  This penetration testing tutorial contains essential tips to help solution providers uncover vulnerabilities in clients’ networks.
Cloud Security
- SaaS security: Weighing SaaS encryption options
  
  A look at SaaS encryption techniques and challenges.
- Panel debates cloud computing governance issues
  
  Problems with data governance in the cloud aren’t much different than traditional outsourcing.
- The proposed EU data protection regulation and its impact on cloud users
  
  Cloud customers and cloud providers would face stricter data security requirements under draft European regulation.
searchMidmarketSecurity
- Windows Phone 7 security: Assessing WP7 security features
  
  Windows Phone 7 security features are proving to be a mixed bag. Sam Cattle assesses the enterprise security pros and cons of the latest Windows mobile platform.
- Choosing the best security certifications for your career
  
  Whether starting your career or planning your next step as an IT security professional, this tip will guide you toward the best certifications for your interests and experience.
- Midmarket security tutorials
  
  SearchMidmarketSecurity.com’s tutorials offer IT professionals in-depth lessons and technical advice on the hottest topics in the midmarket IT security industry. Through our tutorials we seek to provide site members with the foundational knowledge needed to deal with the increasingly challenging job of keeping their organizations secure.
searchFinancialSecurity
- Web application threats: What you really need to know
  
  In this special presentation, Mike Rothman details today's top Web application threats and pragmatic methods to integrate security into the Web application development process.
- Ramnit worm variant now dangerous banking malware
  
  The Ramnit worm now supports man-in-the-middle attacks, giving cybercriminals the ability to drain a victim’s bank account.
- SIEM vendors make the case for extending SIEM product capabilities
  
  Advanced features can reduce the threat of wire fraud. New rule sets can be shared among banks and credit unions.
Security UK
- Web application vulnerability statistics show security losing ground
  
  New Web application vulnerability statistics show the number of vulnerabilities is rising, despite the use of Web application development frameworks.
- Microsoft spurs Browsium to rewrite tool for running IE6 on Windows 7
  
  Microsoft has spurred Browsium to rewrite its tool for running IE6 on Windows 7, limiting the security threat posed by continued use of IE6.
- How to apply PCI DSS guidance to virtualisation technology
  
  Learn how to apply best practices from the recently released PCI DSS virtualisation guidance to your virtual environment.
searchSecurityAU
- AISA launches new website
  
  With a reinvigorated look and feel, improved back-end infrastructure, and regularly updated information about the association the Australian Information Security Association website has been re-launched for the benefit of its members and the Australian IT Security industry.
- Cisco hardening guides for IOS, IOS-XR and NX-OS devices
  
  Patching routing and switching infrastructure in any organisation is often delayed, sometimes due to the potential impact on production systems and sometimes because the IT resources are simply too busy fighting fires.
- Cloud providers and data sovereignty issues
  
  Australian cloud provider Ninefold warn that understanding who has legal access to company and personal private data is not as simple as checking a box and selecting the 'in-country' option.
Information Security
- Backtrack 5 PDF tutorial compendium: A pen-tester’s ready reckoner
  
  Our BackTrack 5 PDF tutorials collection will help you hone your edge, whether you are a security professional or an enthusiast. Best yet, they are free!
- Adobe issues support for Flash Player sandboxing in Firefox
  
  Adobe has launched the pubic beta of a new Flash Player sandbox feature for Firefox users, making attacks more difficult for cybercriminals.
- Microsoft spurs Browsium to rewrite tool for running IE6 on Windows 7
  
  Microsoft has spurred Browsium to rewrite its tool for running IE6 on Windows 7, limiting the security threat posed by continued use of IE6.

All Rights Reserved, Copyright 2000 - 2012, TechTarget