Sourcefire issues Adobe zero-day patch to block attacks

Article

Sourcefire issues Adobe zero-day patch to block attacks

Robert Westervelt, News Editor

Intrusion detection and prevention vendor Sourcefire Inc. issued a patch for a critical Adobe zero-day vulnerability that is being actively exploited by attackers.

    Requires Free Membership to View

    Login

    SearchSecurity.com members gain immediate and unlimited access to breaking industry news, virus alerts, new hacker threats, highly focused security newsletters, and more -- all at no cost. Join me on SearchSecurity.com today!

    Michael S. Mimoso, Editorial Director

    By submitting your registration information to SearchSecurity.com you agree to receive email communications from TechTarget and TechTarget partners. We encourage you to read our Privacy Policy which contains important disclosures about how we collect and use your registration and other information. If you reside outside of the United States, by submitting this registration information you consent to having your personal data transferred to and processed in the United States. Your use of SearchSecurity.com is governed by our Terms of Use. You may contact us at webmaster@TechTarget.com.

SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

In a Sourcefire Vulnerability Research Team blog posting Sunday, Lurene Grenier, a Sourcefire senior security researcher, wrote the "home brew patch" works for Adobe Reader 9. Those on Adobe 8 need to upgrade to the latest version to apply the patch.

The patch will block a malicious PDF file returning an "Insufficient data for an image," message. Grenier warned that the patch may not prevent all attacks.

Adobe zero-day flaw:
Attackers target new Adobe zero-day flaw:  Attackers are actively targeting a zero-day flaw in Adobe Acrobat Reader software, according to a warning from Symantec.

On Friday, Symantec Corp. researchers warned that hackers were attempting to exploit an Adobe zero-day buffer overflow vulnerability by spreading malicious PDF files containing the Pidief Trojan. Symantec didn't release infection rates, but said that attacks have been extremely limited in scope, targeting a few senior level executives. The first signs of it appearing in the wild were discovered in Japan.

Kevin Haley, director of product management for security response at Symantec, said researchers there were given a sample of the exploit code Feb. 12.

Adobe issued an advisory calling the zero-day flaw critical. The vendor said it plans to release a patch to address the issue by March 11.

"Adobe … recommends that users update their virus definitions and exercise caution when opening files from untrusted sources," the vendor said in its advisory to customers.

In a message to customers Adobe said disabling JavaScript provides protection against currently known attacks. "However, the vulnerability is not in the scripting engine and, therefore, disabling JavaScript does not eliminate all risk." Adobe also listed a number of security and antivirus vendors that protect agains the flaw.

Editor's note: This story was updated to report the latest protection information from Adobe.