Zero-day Attack Found In Adobe Acrobat

Critical Level Zero-day Attack Found, Affects All Versions of Adobe Acrobat and Adobe Reader

Adobe and others have warned against a critical-level security flaw affecting all recent versions of Adobe Acrobat and Adobe Reader for all platforms including Windows, Mac OS X and Linux.

The attack is known as a zero-day attack because it takes advantage of computer vulnerabilities that do not currently have a solution, making it even more dangerous. In this case, all versions of Acrobat and Reader are vulnerable. Attackers are going after the vulnerability by sending infected .pdf e-mail attachments to various users.

Adobe engineers will not be able to come up with a patch for Acrobat Reader 9 and Acrobat 9 until March 11, with patches for earlier versions to follow.

We highly recommend that users of Mac OS X use the Preview application to view their PDF files. We’ve included a brief how-to on this at the end of the post.

Windows users are highly encouraged to disable JavaScript, prevent PDF documents from being opened automatically in Internet Explorer or Firefox, disable the display of PDF documents in ANY browser, and exercise extreme caution when receiving PDFs from an unknown source.

Symantec employee Patrick Fitzgerald stated that the people behind these PDFs “are using targeted attacks against high-ranking people within different organizations - for example, locating the CEO’s email address on the company website and sending a malicious PDF in the hope that their malicious payload will run.”

Symantec also said that “once the machine is compromised, the attackers may gain access to sensitive corporate documents that could be costly for companies breached by this threat.”

The vulnerability is caused by an error in parsing particular structures within the PDF format. Once the document is open, the trigger is pulled.

Users are urged to keep their antivirus definitions up to date and open PDF attachments ONLY from trusted sources.
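An added example (not from the original article, Adobe or Symantec) that complements the advice above on JavaScript and untrusted attachments: a Python triage check that flags PDF attachments whose uncompressed objects ask the viewer to run a script or an automatic action. The function names and sample bytes are constructed for illustration; a clean result is not a verdict, since names inside compressed object streams are invisible to it and the flaw described here lies in PDF parsing itself.

```python
import re

# PDF names that ask the viewer to run a script or act automatically on open.
ACTIVE_NAMES = ("/JavaScript", "/JS", "/OpenAction", "/AA", "/Launch")
# A name is "/" plus regular characters; "#xx" is a hex-escaped byte in a name.
NAME_RE = re.compile(rb"/[^\x00\t\n\x0c\r ()<>\[\]{}/%]+")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed samples (not real malware): a plain document, and one with an
# open action and a script name written with a hex escape.
PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SCRIPTED = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
    b"3 0 obj\n<< /S /J#61vaScript /JS (placeholder script) >>\nendobj\n"
)


def decode_name(raw: bytes) -> str:
    """Undo #xx escapes so /J#61vaScript compares equal to /JavaScript."""
    plain = HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return plain.decode("latin-1")


def active_content(data: bytes) -> dict:
    """Count active-content names in the uncompressed part of a PDF."""
    counts = {}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group())
        if name in ACTIVE_NAMES:
            counts[name] = counts.get(name, 0) + 1
    return counts


def should_quarantine(data: bytes) -> bool:
    """Hold an attachment for review if it is a PDF with active content."""
    return b"%PDF-" in data[:1024] and bool(active_content(data))


if __name__ == "__main__":
    for label, sample in (("plain", PLAIN), ("scripted", SCRIPTED)):
        print(label, should_quarantine(sample), active_content(sample))
```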

Under the latest virus definitions, malicious PDFs using the exploit are detected as Trojan.Pidief.E. The malicious payload, a popular open-source toolkit originating from China known as GH0ST, is detected as Backdoor.Trojan.

The GH0ST backdoor is modular, meaning that attackers can use it to view the desktop, record keystrokes or remotely access the compromised machine.


Mac OS X Users:

To set Preview as the default application for handling PDFs do the following:

1) Select any PDF on your desktop
2) Right click the PDF and select Get Info (or press ⌘ + i )
3) Select Preview under the Open with drop-down
4) Click “Change All…” to apply the setting to all PDFs



Click here to read the Official Security Advisory from Adobe

Click here to read the alert from the U.S. Computer Emergency Readiness Team (US-CERT)

