The Register® — Biting the hand that feeds IT


Critical Adobe Reader vuln under 'targeted' attack

No patch till Tuesday


Attackers once again are targeting an unpatched vulnerability in Adobe Reader that allows them to take complete control of a user's computer, the software maker warned.

Adobe said it planned to patch the critical security bug in Reader and Acrobat 9.1.3 for Windows, Mac and Unix on Tuesday, the date of the company's previously scheduled patch release for the PDF reader. According to Security Focus, attackers can exploit the vulnerability by tricking a user into opening a booby-trapped PDF file.

"Successful exploits may allow the attacker to execute arbitrary code in the context of a user running the affected application," the security site warned. "Failed attempts will likely result in denial-of-service conditions."

The bug is presently being exploited in "limited targeted attacks," Security Focus added, without elaborating. Adobe said only that the attacks target Reader and Adobe running on Windows operating systems.

Those using Windows Vista with a feature known as data execution prevention enabled are safe from the exploit. Users on other platforms can insulate themselves from the current attack by disabling JavaScript inside the application, but Adobe warned it's possible to design an exploit that works around that measure.

(To do so, choose Preferences from Reader's Edit menu, highlight JavaScript and then uncheck the box that says "Enable Acrobat JavaScript.")

The company said it's working with anti-virus providers so their software can detect the PDF files that target the bug.

This is at least the third time this year that criminals have targeted an unpatched vulnerability in Adobe Reader or Flash, which arguably are installed on a larger base of machines than any Microsoft software. The company has taken flak not just for releasing buggy programs, but for taking too long to fix security flaws once they're discovered. The company in May promised to reinvigorate its security program for Reader. ®


Latest Comments

FoxIt 3.1 isn't such a dog these days.


I use it - on Windows - instead of Acrobat reader

http://www.foxitsoftware.com/pdf/reader/reader-interstitial.html


Reason for Javascript

I seem to recall that Javascript can be used to perform input validation in PDF documents which contain editable text fields. Javascript can also be used to hide menu items in Reader. However, it's my opinion that Reader's increased attack surface is not worth the convenience.

At least Adobe provides a Group Policy template so Reader can be deployed and managed company-wide with its potential for damage mitigated.


Alternatives not well known

The lass broke her works laptop (she claims it just stopped working...) and it seems her IT bods don't actually install half the software required for the job by default when they do a HDD replacement. So, she went to install Reader - cue slow mo' shot of me going "Noooooooo!". You wouldn't believe how difficult it was for me to convince her to go with Foxit instead.

The trouble is nobody has heard of the alternatives, and even if they have, trying to explain why they should use one rather than the crap pumped out by Adobe invariably results in a shrug and "So?".

People need to be taught the value of diversity - it's the same in IT as in gene pools. If we're all the same, some disease/exploit comes along and it's goodnight Vienna. I use Opera and Foxit not because they are the best in their respective fields but because nobody is going to pay a blackhat to design an exploit for them - the RoI just isn't there. I'm therefore a lot safer than the masses just by picking another (free) tool to do the exact same job as IE or Acrobat.

