Adobe Reader is hit with new zero-day attack, avoid immediately to stay safe


Adobe Reader, Adobe’s widely used PDF viewer, has an unpatched flaw that attackers are using to install malware on users’ computers. The exploit works against the current release (11.0.1) as well as earlier versions; so far it appears to target Windows only.

Adobe engineers have tried to make attacks on Reader harder to carry out by running the PDF rendering code inside a sandbox, so that a bug in the parser cannot on its own write files or run code outside the viewer process. This new attack bypasses that defence. Researcher Yichong Lin of security firm FireEye describes what happens once the exploit succeeds:

“Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.”

Researchers from Kaspersky Lab add that the exploit escapes the Reader sandbox, making it the first in-the-wild attack known to do so; once outside the sandbox the malware can reach the rest of the infected computer rather than only the viewer process.
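The behaviour quoted above (Reader writes two DLLs, loads them, shows a decoy, and then calls out to a remote domain) is exactly the kind of post-exploitation chain an endpoint detection can key on, independent of which Reader bug was used. The following is an added example, not code from the original post or from FireEye or Kaspersky: it correlates constructed, Sysmon-style endpoint events per process and raises an alert when the Reader process (assumed here to be named AcroRd32.exe) creates a DLL in a user-writable directory, loads that same file, and then connects to an external address within a short window. The event format, file names, process IDs and the callback host are all invented for the example.

```python
"""Detect the Reader drop-load-beacon chain over constructed endpoint events (added example)."""
import ipaddress
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed, Sysmon-style events: tab-separated time, event type, pid, image, target.
# Invented for this example; not real telemetry from the attack. pid 4120 shows the
# malicious chain, pid 5200 is a benign Reader session that should not alert.
SAMPLE_EVENTS = """\
2013-02-13T10:01:00Z\tProcessCreate\t4120\tC:\\Program Files\\Adobe\\Reader 11.0\\Reader\\AcroRd32.exe\tC:\\Users\\bob\\Downloads\\invoice.pdf
2013-02-13T10:01:02Z\tFileCreate\t4120\tC:\\Program Files\\Adobe\\Reader 11.0\\Reader\\AcroRd32.exe\tC:\\Users\\bob\\AppData\\Local\\Temp\\stage1.dll
2013-02-13T10:01:02Z\tFileCreate\t4120\tC:\\Program Files\\Adobe\\Reader 11.0\\Reader\\AcroRd32.exe\tC:\\Users\\bob\\AppData\\Local\\Temp\\stage2.dll
2013-02-13T10:01:03Z\tImageLoad\t4120\tC:\\Program Files\\Adobe\\Reader 11.0\\Reader\\AcroRd32.exe\tC:\\Users\\bob\\AppData\\Local\\Temp\\stage1.dll
2013-02-13T10:01:03Z\tFileCreate\t4120\tC:\\Program Files\\Adobe\\Reader 11.0\\Reader\\AcroRd32.exe\tC:\\Users\\bob\\AppData\\Local\\Temp\\decoy.pdf
2013-02-13T10:01:05Z\tImageLoad\t4120\tC:\\Program Files\\Adobe\\Reader 11.0\\Reader\\AcroRd32.exe\tC:\\Users\\bob\\AppData\\Local\\Temp\\stage2.dll
2013-02-13T10:01:09Z\tNetworkConnect\t4120\tC:\\Program Files\\Adobe\\Reader 11.0\\Reader\\AcroRd32.exe\tcallback.example.net:443
2013-02-13T10:05:00Z\tProcessCreate\t5200\tC:\\Program Files\\Adobe\\Reader 11.0\\Reader\\AcroRd32.exe\tC:\\Users\\bob\\Downloads\\report.pdf
2013-02-13T10:05:01Z\tFileCreate\t5200\tC:\\Program Files\\Adobe\\Reader 11.0\\Reader\\AcroRd32.exe\tC:\\Users\\bob\\AppData\\Local\\Temp\\report.tmp
2013-02-13T10:05:02Z\tNetworkConnect\t5200\tC:\\Program Files\\Adobe\\Reader 11.0\\Reader\\AcroRd32.exe\t10.0.0.12:80
"""

READER_IMAGE = "acrord32.exe"  # Reader's Windows process name; assumed for this example
USER_WRITABLE = ("\\appdata\\", "\\users\\public\\")  # locations a sandboxed renderer should not be dropping code into


def parse_events(text):
    """Parse the tab-separated event lines into (time, kind, pid, image, target) tuples."""
    events = []
    for line in text.splitlines():
        if not line.strip():
            continue
        ts, kind, pid, image, target = line.split("\t")
        events.append((datetime.strptime(ts, "%Y-%m-%dT%H:%M:%SZ"), kind, int(pid), image, target))
    return events


def is_external(addr):
    """True if host:port points outside private/loopback space. Hostnames count as external."""
    host = addr.rsplit(":", 1)[0]
    try:
        ip = ipaddress.ip_address(host)
    except ValueError:
        return True  # a DNS name, like the 'remote domain' in the write-up
    return not (ip.is_private or ip.is_loopback or ip.is_link_local)


def find_drop_and_beacon(events, window=timedelta(seconds=60)):
    """Alert per Reader pid that (1) writes a .dll into a user-writable directory,
    (2) loads that same file, and (3) connects externally within `window` of the first write."""
    dropped = defaultdict(dict)  # pid -> {lowercased dll path: time first written}
    loaded = defaultdict(set)    # pid -> set of dropped paths that were later loaded
    alerts = []
    for ts, kind, pid, image, target in sorted(events, key=lambda e: e[0]):
        if image.rsplit("\\", 1)[-1].lower() != READER_IMAGE:
            continue
        t = target.lower()
        if kind == "FileCreate" and t.endswith(".dll") and any(d in t for d in USER_WRITABLE):
            dropped[pid].setdefault(t, ts)
        elif kind == "ImageLoad" and t in dropped[pid]:
            loaded[pid].add(t)
        elif kind == "NetworkConnect" and loaded[pid] and is_external(target):
            first_write = min(dropped[pid][p] for p in loaded[pid])
            if ts - first_write <= window:
                alerts.append({
                    "pid": pid,
                    "dlls": sorted(loaded[pid]),
                    "callback": target,
                    "seconds_after_drop": (ts - first_write).total_seconds(),
                })
    return alerts


if __name__ == "__main__":
    for alert in find_drop_and_beacon(parse_events(SAMPLE_EVENTS)):
        print(alert)
```

The rule keys on what the malware does after exploitation rather than on the vulnerability itself, so it survives changes to the exploit; the trade-off is that it misses a variant whose callback runs from a separate process, and it will also flag legitimate Reader plug-in installers that drop DLLs into AppData, so tune the path list to your environment.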

Adobe has not yet released a patch, and the attacks seen so far are targeted campaigns rather than mass exploitation, but FireEye is warning Reader users to “not open any unknown PDF files.” Better yet, play it safe and uninstall Adobe Reader until a fix ships; look here for an alternative suggested by our awesome readers.

[via Ars Technica]


  • Maurice

    For a while Debenu is offering their Pro edition of PDF for free; the catch is you need to like their Facebook page. Is it worth it? I do not know; you would have to check it out and decide on your own.

  • AT

    @Paul D: I didn’t say older software didn’t have security holes. I just said they had fewer problems. They just didn’t place themselves into everything on your system, thus making it more secure by default.

    @Coyote: You can make a case that too much software is poorly written. Software publishers also have a tendency to place their own software above everyone else’s. Adobe is one of the biggest offenders in this respect. The reuse of bad code and APIs makes it a house of cards.

    @dbaby: Press ANY key to continue…
    User “Where’s the ANY key?”

  • Seamus McSeamus

    This obviously calls for an Executive Order by HRH Obama.

  • dbaby

    @AT….. I miss the older software too.

  • Paul D

    @AT: Whatever. Doesn’t alter the fact that your original thesis (older apps didn’t have security holes) is absurd.

  • Coyote

    @Paul D: @AT: The days of script kiddies and small-time hackers are long gone. Most of these holes and flaws are exploited by advertising firms and foreign nations looking to cash in on credit scams. Hell, China trained thousands of these “script kiddies” to try and find holes in America’s corporate structure.

    And as a little information on “zero-day” attacks, they don’t have to exist in the wild. More important is what the code is worth. Black market deals happen all the time when these are found/leaked. What that means for the general populace is pretty meaningless.

  • AT

    @Paul D: They are NOT hackers. They’re script kiddies. Hackers use their brains. Script kiddies only know how to brag about using someone else’s software or code.

  • Paul D

    @AT: No, just fewer hackers. Nowadays hackers don’t even have to write code. There are apps on the dark side to do it for them.

  • AT

    Is it just me, or does anyone else miss older software versions before all these security holes? Adobe Reader 5, perhaps. Fewer features that nobody uses and fewer problems.

  • h_warriner

    Would you keep us up-to-date, as “fixes” are released? Thank you very much.

  • Coyote

    I’m beginning to wonder if these latest scares… Java, Adobe, iOS… aren’t just more media fabrications to fool us into thinking we need big changes not just to the OSes we use but to the very fabric of the internet.

    If I were a paranoid man, I would think big corporations would try just this tactic, since scaring people with lawsuits over petty crimes of pirating, and the proliferation of open source, are rendering their “IPs” useless in the public domain.

  • Bub

    If there are no in-the-wild attacks, then this isn’t a zero-day vulnerability.