Adobe Reader, Adobe’s popular PDF viewer, has a flaw that is allowing hackers to install malware on users’ computers. The exploit affects the latest version of the program (11.0.1), as well as earlier versions. This appears to be Windows only.
Adobe engineers have tried to make malware attacks harder to carry out on their software by implementing a sandboxing technique, but this new attack bypasses those defenses. Researcher Yichong Lin from security firm FireEye, explains how the attack is carried out in detail:
“Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.”
Researchers from Kaspersky Lab have added that the exploit escapes the Adobe sandbox, making it the first attack out there in the wild to do so and, in the process, endangering the more sensitive parts of infected computer.
It is noted that no in-the-wild attacks exploting this vulnerability have been seen yet but FireEye is warning Reader users to “not open any unknown PDF files.” But, better yet, maybe it’s better to play it safe and uninstall Adobe Reader, and look here for an alternative suggested by our awesome readers .
[via Ars Technica ]