Feeds

Adobe Reader 0day under active attack

No mitigations for click-and-get-hacked exploit

The Essential Guide to IT Transformation

Researchers have uncovered sophisticated attack code circulating on the net that exploits a critical vulnerability in the most recent version of Adobe Reader.

The click-and-get-hacked exploit spreads through email that contains a booby-trapped PDF file that remains virtually undetected by most anti-virus programs, according to Mila Parkour, the security researcher who first alerted Adobe to the threat. It was being sent to a small group of individuals who “work on common issues,” he said, causing him to believe they were narrowly selected by the attackers.

Adobe on Wednesday confirmed that the vulnerability affects Reader 9.3.4 and earlier versions for Windows, Mac OS X, and Unix. The company's security team is in the process of figuring out when it will release a patch. Adobe is working with security companies to help them develop detection and quarantine techniques to contain any attacks.

In the meantime, there are no mitigations users can take other than to exercise due care in opening PDF documents. It may also make sense to use an alternate PDF viewer such as FoxIT, but it's not yet been confirmed that that other programs aren't vulnerable.

The malicious PDF, which also exploits Adobe Acrobat, uses some highly sophisticated techniques to ensure success. It contains three separate font packages so it works on multiple versions of the Adobe programs, and it also has been designed to bypass protections such as ASLR, or address space layout randomization and DEP, and data execution prevention, which are built in to more recent versions of Microsoft Windows.

Engineers with the Metasploit framework are in the process of building a module that will make the exploit work with the open-source program for security professionals and hackers. An update could come as soon as Thursday, H D Moore, CSO of Rapid7 and chief architect of the Metasploit project, told The Register.

“It's a pretty complicated exploit and it's going to take a while to take apart,” he said.

The exploit comes as Adobe is putting the finishing touches on a security feature that's designed to significantly lessen the severity of attacks that exploit buffer overflows and other types of common bugs in Reader. The “sandbox” is intended to put a container around the application so that sensitive parts of the operating system can't be accessed by rogue code. Adobe has said it will be available by the end of this year.

Active exploits are likely to become more widespread once the attack code is put into Metasploit.

For now, white hats and black hats alike can glean further details from this analysis on the Contagio Malware Dump blog. It's maintained by Parkour, who described the project as a hobby. ®

Build a business case: developing custom apps

More from The Register

next story
14 antivirus apps found to have security problems
Vendors just don't care, says researcher, after finding basic boo-boos in security software
Only '3% of web servers in top corps' fully fixed after Heartbleed snafu
Just slapping a patched OpenSSL on a machine ain't going to cut it, we're told
How long is too long to wait for a security fix?
Synology finally patches OpenSSL bugs in Trevor's NAS
Israel's Iron Dome missile tech stolen by Chinese hackers
Corporate raiders Comment Crew fingered for attacks
Roll out the welcome mat to hackers and crackers
Security chap pens guide to bug bounty programs that won't fail like Yahoo!'s
HIDDEN packet sniffer spy tech in MILLIONS of iPhones, iPads – expert
Don't panic though – Apple's backdoor is not wide open to all, guru tells us
Researcher sat on critical IE bugs for THREE YEARS
VUPEN waited for Pwn2Own cash while IE's sandbox leaked
Four fake Google haxbots hit YOUR WEBSITE every day
Goog the perfect ruse to slip into SEO orfice
Secure microkernel that uses maths to be 'bug free' goes open source
Hacker-repelling, drone-protecting code will soon be yours to tweak as you see fit
prev story

Whitepapers

Implementing global e-invoicing with guaranteed legal certainty
Explaining the role local tax compliance plays in successful supply chain management and e-business and how leading global brands are addressing this.
The Essential Guide to IT Transformation
ServiceNow discusses three IT transformations that can help CIO's automate IT services to transform IT and the enterprise.
Consolidation: The Foundation for IT Business Transformation
In this whitepaper learn how effective consolidation of IT and business resources can enable multiple, meaningful business benefits.
How modern custom applications can spur business growth
Learn how to create, deploy and manage custom applications without consuming or expanding the need for scarce, expensive IT resources.
Build a business case: developing custom apps
Learn how to maximize the value of custom applications by accelerating and simplifying their development.