Free Republic
Browse · Search
General/Chat
Topics · Post Article

Skip to comments.

Adobe Reader 0day under active attack
The Register - UK ^ | September 8th, 2010 | Dan Goodin

Posted on 09/08/2010 6:52:16 PM PDT by ConservativeMind

Researchers have uncovered sophisticated attack code circulating on the net that exploits a critical vulnerability in the most recent version of Adobe Reader.

The click-and-get-hacked exploit spreads through email that contains a booby-trapped PDF file that remains virtually undetected by most anti-virus programs, according to Mila Parkour, the security researcher who first alerted Adobe to the threat. It was being sent to a small group of individuals who “work on common issues,” he said, causing him to believe they were narrowly selected by the attackers.

Adobe on Wednesday confirmed that the vulnerability affects Reader 9.3.4 and earlier versions for Windows, Mac OS X, and Unix. The company's security team is in the process of figuring out when it will release a patch. Adobe is working with security companies to help them develop detection and quarantine techniques to contain any attacks.

In the meantime, there are no mitigations users can take other than to exercise due care in opening PDF documents. It may also make sense to use an alternate PDF viewer such as FoxIT, but it's not yet been confirmed that that other programs aren't vulnerable.

The malicious PDF, which also exploits Adobe Acrobat, uses some highly sophisticated techniques to ensure success. It contains three separate font packages so it works on multiple versions of the Adobe programs, and it also has been designed to bypass protections such as ASLR, or address space layout randomization and DEP, and data execution prevention, which are built in to more recent versions of Microsoft Windows.

Engineers with the Metasploit framework are in the process of building a module that will make the exploit work with the open-source program for security professionals and hackers. An update could come as soon as Thursday, H D Moore, CSO of Rapid7 and chief architect of the Metasploit project, told The Register.

“It's a pretty complicated exploit and it's going to take a while to take apart,” he said.

The exploit comes as Adobe is putting the finishing touches on a security feature that's designed to significantly lessen the severity of attacks that exploit buffer overflows and other types of common bugs in Reader. The “sandbox” is intended to put a container around the application so that sensitive parts of the operating system can't be accessed by rogue code. Adobe has said it will be available by the end of this year.

Active exploits are likely to become more widespread once the attack code is put into Metasploit.

For now, white hats and black hats alike can glean further details from this analysis on the Contagio Malware Dump blog. It's maintained by Parkour, who described the project as a hobby. ®


TOPICS: Computers/Internet
KEYWORDS:
This is a bad one. Don't click on any Adobe Reader files from any place you can't fully trust.
1 posted on 09/08/2010 6:52:18 PM PDT by ConservativeMind
[ Post Reply | Private Reply | View Replies]

To: ConservativeMind

Adobe is the worst crap on the market. I refuse to use their bloated garbage-ware.

Foxit is the only way to go. Although they note it may be vulnerable too, I guarantee you Foxit will fix it fast and better and will still outperform Adope.


2 posted on 09/08/2010 6:57:53 PM PDT by bigbob
[ Post Reply | Private Reply | To 1 | View Replies]

To: bigbob

I like Foxit Reader better, too. Check it out, folks.


3 posted on 09/08/2010 7:44:07 PM PDT by Rio
[ Post Reply | Private Reply | To 2 | View Replies]

To: Rio

I did, hope you are right.


4 posted on 09/08/2010 7:46:01 PM PDT by rose
[ Post Reply | Private Reply | To 3 | View Replies]

To: ConservativeMind
The click-and-get-hacked exploit spreads through email that contains a booby-trapped PDF file that remains virtually undetected by most anti-virus programs,

If that's correct, it should be easy enough to avoid. I rarely, if ever receive emails that contain PDF files.

5 posted on 09/08/2010 7:57:00 PM PDT by Will88
[ Post Reply | Private Reply | To 1 | View Replies]

From the makers of Adobe Flash... you know, that plugin that crashes your browser every day.


6 posted on 09/08/2010 8:03:12 PM PDT by RC51
[ Post Reply | Private Reply | To 3 | View Replies]

To: ConservativeMind

Best to remove Adobe Reader and all its pieces from your PC altogether and use Foxit Reader. It’s better than Adobe Reader and it doesn’t have all the BS that goes with Adobe Reader. Plus it allows you to natively annotate PDF documents with its Typewriter tool.


7 posted on 09/09/2010 7:22:02 AM PDT by Bloody Sam Roberts (A fearless person cannot be controlled.)
[ Post Reply | Private Reply | To 1 | View Replies]

To: rose

The first thing I noticed about Foxit was that it loaded more quickly when opening a pdf.
It has a tabbed window like Firefox if you open more than one document.
It allows some editing of the .pdf files

The only trouble that it has given me is that it has failed to print some particularly complex files like CAD drawings.


8 posted on 09/09/2010 7:59:52 AM PDT by Rio
[ Post Reply | Private Reply | To 4 | View Replies]

Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.

Free Republic
Browse · Search
General/Chat
Topics · Post Article

FreeRepublic, LLC, PO BOX 9771, FRESNO, CA 93794
FreeRepublic.com is powered by software copyright 2000-2008 John Robinson