Attacks/Breaches
12/7/2011
10:46 AM
50%
50%

Adobe Under New Zero Day Attack

Emergency patch for Adobe Reader and Acrobat 9.x for Windows due for release within a week.

Adobe Reader and Acrobat are under siege once again, this time via targeted attacks exploiting a previously unknown flaw in the software that lets an attacker crash the app and wrest control of the victim's machine. Adobe plans to issue an out-of-band update by next week for Windows-based systems only.

"The reason for addressing this issue quickly for Adobe Reader and Acrobat 9.4.6 for Windows is simple: This is the version and platform currently being targeted. All real-world attack activity, both in this instance and historically, is limited to Adobe Reader on Windows. We have not received any reports to date of malicious PDFs being used to exploit Adobe Reader or Acrobat for Macintosh or UNIX for this [common vulnerability and exposure] (or any other CVE)," said Brad Arkin, senior director of product security and privacy for Adobe said in a blog post Tuesday.

Arkin said users of Adobe Reader or Acrobat 9 and older versions should immediately upgrade to Adobe Reader or AcrobatX, which are safe from the exploit and attack due to the Protected Mode and Protected View features. Adobe will fix the issue in Adobe Reader and Acrobat X for Windows in the company's next scheduled security update on Jan. 10.

"The risk to Macintosh and UNIX users is significantly lower. We are therefore planning to address this issue in Adobe Reader and Acrobat X and earlier versions for Macintosh as part of the next quarterly update on January 10, 2012. An update to address this issue in Adobe Reader 9.x for UNIX is planned for January 10, 2012," Arkin said.

Arkin said that, thus far, no malware has been able to penetrate Adobe Reader or Acrobat X.

Meanwhile, the new zero-day is just another dangerous flaw in a series for Adobe Reader and Acrobat, said Paul Henry, security and forensic analyst for Lumension Security.

Read the rest of this article on Dark Reading.

Comment  | 
Print  | 
More Insights
Register for Dark Reading Newsletters
White Papers
Cartoon
Current Issue
Dark Reading Tech Digest, Dec. 19, 2014
Software-defined networking can be a net plus for security. The key: Work with the network team to implement gradually, test as you go, and take the opportunity to overhaul your security strategy.
Flash Poll
Video
Slideshows
Twitter Feed
Dark Reading - Bug Report
Bug Report
Enterprise Vulnerabilities
From DHS/US-CERT's National Vulnerability Database
CVE-2014-8142
Published: 2014-12-20
Use-after-free vulnerability in the process_nested_data function in ext/standard/var_unserializer.re in PHP before 5.4.36, 5.5.x before 5.5.20, and 5.6.x before 5.6.4 allows remote attackers to execute arbitrary code via a crafted unserialize call that leverages improper handling of duplicate keys w...

CVE-2013-4440
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 generates weak non-tty passwords, which makes it easier for context-dependent attackers to guess the password via a brute-force attack.

CVE-2013-4442
Published: 2014-12-19
Password Generator (aka Pwgen) before 2.07 uses weak pseudo generated numbers when /dev/urandom is unavailable, which makes it easier for context-dependent attackers to guess the numbers.

CVE-2013-7401
Published: 2014-12-19
The parse_request function in request.c in c-icap 0.2.x allows remote attackers to cause a denial of service (crash) via a URI without a " " or "?" character in an ICAP request, as demonstrated by use of the OPTIONS method.

CVE-2014-2026
Published: 2014-12-19
Cross-site scripting (XSS) vulnerability in the search functionality in United Planet Intrexx Professional before 5.2 Online Update 0905 and 6.x before 6.0 Online Update 10 allows remote attackers to inject arbitrary web script or HTML via the request parameter.

Best of the Web
Dark Reading Radio
Archived Dark Reading Radio
Join us Wednesday, Dec. 17 at 1 p.m. Eastern Time to hear what employers are really looking for in a chief information security officer -- it may not be what you think.