Adobe Reader is hit with new zero-day attack, avoid immediately to stay safe

2013-02-14_025811

Adobe Reader, Adobe’s popular PDF viewer, has a flaw that is allowing hackers to install malware on users’ computers. The exploit affects the latest version of the program (11.0.1), as well as earlier versions. This appears to be Windows only.

Adobe engineers have tried to make malware attacks harder to carry out on their software by implementing a sandboxing technique, but this new attack bypasses those defenses. Researcher Yichong Lin, from security firm FireEye, explains in detail how the attack is carried out:

“Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.”

Researchers from Kaspersky Lab have added that the exploit escapes the Adobe sandbox, making it the first attack in the wild to do so and, in the process, endangering the more sensitive parts of the infected computer.

It is noted that no in-the-wild attacks exploiting this vulnerability have been seen yet, but FireEye is warning Reader users to “not open any unknown PDF files.” Better yet, it may be safest to uninstall Adobe Reader and look here for an alternative suggested by our awesome readers.

[via Ars Technica]


12 comments

  1. Maurice

    For a while Debenu is offering their pro edition of PDF for free; the catch is you need to like their Facebook page. Is it worth it? I do not know; you would have to check it out and decide on your own.

  2. AT

    @Paul D: I didn’t say older software didn’t have security holes. I just said they had less problems. They just didn’t place themselves into everything on your system, thus making it more secure by default.

    @Coyote: You can make a case that too much software is poorly written. Software publishers also have a tendency of placing their own software above everyone else. Adobe is one of the biggest offenders in this aspect. The reuse of bad code and APIs makes it a house of cards.

    @dbaby: Press ANY key to continue…
    User “Where’s the ANY key?”

  3. Coyote

    @Paul D: @AT: The days of script kiddies and small-time hackers are long gone. Most of these holes and flaws are exploited by advertising firms and foreign nations looking to cash in on credit scams. Hell, China trained 1000s of these “script-kiddies” to try and find holes in America's corporate structure.

    And as a little information on “zero-day” attacks, they don’t have to exist in the wild. More important is what the code is worth. Black market deals happen all the time when these are found/leaked. What that means for the general populace is pretty meaningless.

  4. Coyote

    I’m beginning to wonder if these latest scares… Java, Adobe, iOS… aren’t just more media fabrications to fool us into thinking we need big changes to not just the OSes we use but the very fabric of the internet.

    If I were a paranoid man, I would think big corporations would try just this tactic, since scaring people with lawsuits over petty crimes of pirating, and the proliferation of open source, are rendering their “IP’s” useless in the public domain.