Attackers Exploiting Unpatched Flaw In Adobe Reader, Acrobat

E-mail Facebook VKontakte Google Digg BlinkList NewsVine Reddit YahooMyWeb LiveJournal Blogmarks TwitThis Live

[ Replies ] [ Leave reply ] [ Proxy list bulletin board ] [ New Message ]

Posted by Brian Krebs on Computer Security February 20, 2009 at 16:21:08:

In reply:
Re: закрыли доступ в однокассники, вконтакте на работе, кто знает ссылки? posted by Правлин February 20, 2009 at 11:28:52:

Original text: я например пользуюсь специально заточеный сервис для доступа в однокласники и вконтакте. Ну и новые адреса там появляются регулярно, помогает против ..

Hackers are exploiting an unpatched security hole in current versions of Adobe Reader and Acrobat to install malicious software when users open a booby-trapped PDF file, security experts warn.

Adobe issued an advisory Thursday warning that its Reader and Acrobat software versions 9 and earlier contain a vulnerability that could allow attackers to take complete control over a system if the user were to open a poisoned PDF file. Adobe said it doesn't plan to issue an update to plug the security hole until March 11.

Meanwhile, the folks at , a volunteer-led security group, said it has seen indications that this vulnerability is being used in targeted attacks . Shadowserver warns that this exploit is likely to be bundled into attack kits that are sold to cyber crooks who specialize in seeding hacked and malicious Web sites with code that tries to install malware.

"These types of attacks are frequently the most damaging and it is only a matter of time before this exploit ends up in every exploit pack on the Internet," Shadowserver volunteer Steven Adair wrote on the group's blog.

Adobe's advisory lacks any advice users can follow to mitigate the threat from this flaw. But those at Shadowserver say Adobe Reader and Acrobat users can significantly reduce their exposure to such attacks by disabling Javascript within the application. To nix Javascript, select "Edit," "Preferences," "Javascript," and uncheck the box next to "Enable Acrobat Javascript."

In the past I have recommended the free version of Foxit Reader as a faster and more lightweight alternative for viewing PDF files. However, I have not yet been able to verify whether Foxit Reader may be similarly vulnerable. I will update this post if I receive an answer from Foxit.

Update, 10:34 a.m. ET: "Sherry" from Foxit wrote me back to say the company has no information to suggest Foxit is similarly vulnerable: "Currently Foxit Software have not suffered these problems. And we will pay attention to it in the future."

Also, Symantec has now posted its writeup on this flaw, saying it has received reports of targeted attacks against government, large enterprise and financial services organizations. "We have observed few exploits of this vulnerability in the U.S., China, Japan, Taiwan and the U.K. and continue to monitor for any signs of a widespread attack using this exploit."


Leave reply:



Subject: Re: Attackers Exploiting Unpatched Flaw In Adobe Reader, Acrobat


Optional link, URL:

Link description:

Optional picture URL:

[ Replies ] [ Leave reply ] [ Proxy list bulletin board ] [ New Message ]