New Zero-Day Attack Riddles Adobe Reader

Adobe has acknowledged that its widely used programs for creating and reading PDF files currently are under attack by hackers, but it has offered little information about how it plans to thwart the assault.

In an advisory posted on its website Wednesday, Adobe said essentially all versions of its Acrobat and Reader programs running on Windows, Macintosh and Unix-based machines have been exposed to a “critical vulnerability that could cause a crash and potentially allow an attacker to take control of the affected system.”

The statement also said Adobe is “aware of public exploit code for this vulnerability,” which means it knows that hackers took advantage of flaws in these programs to launch the attack.

“Adobe is in the process of evaluating the schedule for an update to resolve this vulnerability,” the statement concludes.

Working With Security Vendors

TechNewsWorld was unable to reach Adobe for further comment, but it appears Adobe has been communicating with security software companies, which in turn have taken steps to protect their customers.

“We have been working with Adobe to secure first-hand information regarding this issue, as well as other patches,” Ivan Macalintal, threat research manager with Trend Micro, told TechNewsWorld. “We’ve known about this threat since Tuesday and have updated our programs to detect it.”

The dangerous code is being unleashed via PDF files that users are enticed to open by a phishing email offering courses from David Leadbetter, a world-renowned golf instructor. When the PDF file is opened, it downloads a hidden program that attacks the user’s system.

“This code can do almost whatever it wants,” said Randy Abrams, director of technical education with ESET. “It can download malicious bots; it can load keystroke-tracking software, or any number of things.”

Blocking Corrupt Files

ESET customers are protected by code that scans PDF files and determines which are legitimate and which ones are not.

“We don’t have to know exactly what a malicious program intends to do to block it,” Abrams told TechNewsWorld. “We just need to know that it’s not conducting a legitimate operation.”

While Microsoft — which is known for its “Patch Tuesday” regimen of issuing security fixes — gets much more press about security issues, Adobe actually may be the victim of more attacks, Abrams suggested.

“It’s because Adobe’s programs are on all types of computers — Windows, Macs, Unix, Linux,” he explained. “At least in the security industry, it’s well known that Adobe has these issues.”

Still, it’s not likely that Adobe will go to a Patch Tuesday model, according to Abrams.

“Microsoft did that because its major customers demanded it,” he said.

Regardless of what Adobe or any other vendor does, users should always load virus protection on their computers, and “don’t open files — PDF or otherwise — from people you don’t know,” Abrams warned.

2 Comments

  • I’m disappointed, but not surprised.

    I have long considered Adobe’s products to be at much higher risk of attack than even those of Microsoft, taking into consideration company size, market share, etc.

  • Seems like every week there is another exploit found in an Adobe product. It’s either Flash or Adobe Reader. I AM thinking maybe I should just uninstall both until they get their act together?
