Active PDF attacks target Reader, Acrobat zero-day vulnerability

Malicious PDF files discovered in the wild spread via an email attachment and target a yet-to-be patched hole in Adobe Reader and Acrobat.

SearchSecurity.com:
To get security news and tips delivered to your inbox, click here to sign up for our free newsletter.

Adobe Systems Inc. is warning of a new zero-day vulnerability in its popular Reader and Acrobat applications that is being actively targeted by attackers in the wild.

In an advisory released late Tuesday, Adobe acknowledged reports from several security vendors that a new malicious PDF file was discovered in some email attachments targeting the Adobe flaw. Adobe said the remote code execution vulnerability is in Reader and Acroobat 9.2 and earlier versions.

"We are currently investigating this issue and assessing the risk to our customers," Adobe said. "We will provide an update as soon as we have more information."

Adobe Systems updates:
Adobe updates Flash Player, fixes seven serious vulnerabilities: Adobe Flash Player 10.0.42.34 repairs memory corruption errors and a data injection vulnerability that could enable an attacker to crash the player and take control of a machine.

Trusteer CEO criticizes Adobe, touts better patch deployments: Despite critical Flash and Adobe Reader updates July 30, only a fraction of Adobe users have installed them, Trusteer says. Trusteer's CEO urges better patching mechanisms. 

Joji Hamada, a virus handler at Symantec Corp. said the firm was tipped off from a source of the possibility of a new PDF zero-day vulnerability. In the Symantec security blog, Hamada said there are few known details about the Adobe Reader flaw.

"The PDF files we discovered arrives as an email attachment," Hamada wrote. "When the file is opened, a malicious file is dropped and run on a fully patched system with either Adobe Reader or Acrobat installed."

Security experts have warned that attackers are favoring holes in Web-facing user applications to gain entry to enterprise systems. Adobe's Reader and Acrobat applications have been highly targeted as has Apple's Quicktime player. Both applications offer browser plug-in functionality making them an attractive target. Other coveted entryways have been through holes in Adobe's Flash Player plug-in, which has a huge marketshare.

Adobe is analyzing the malcode targeting its latest flaw and said it would release more details as they become available. Hamada urged users to be extra cautious of file attachments during the holiday season. Don't open unknown file attachments, he said.

Danish vulnerability clearinghouse Secunia issued an advisory Tuesday, giving the Adobe vulnerability an extremely critical rating. The Secunia advisory warned that the flaw was being actively exploited.

Adobe Flash Player update
Last week, Adobe issued an update to Flash Player fixing seven serious vulnerabilities that could enable attackers to crash the player and take control of a victims machine. The update repaired memory corruption errors, a data injection vulnerability and multiple crash flaws. Adobe urged users to update their Flash Player to version 10.0.42.34.

Dig deeper on Email and Messaging Threats (spam, phishing, instant messaging)

Pro+

Features

Enjoy the benefits of Pro+ membership, learn more and join.

0 comments

Oldest 

Forgot Password?

No problem! Submit your e-mail address below. We'll send you an email containing your password.

Your password has been sent to:

SearchCloudSecurity

SearchNetworking

SearchCIO

SearchConsumerization

SearchEnterpriseDesktop

SearchCloudComputing

ComputerWeekly

Close