Adobe PDF Reader zero-day under attack

Summary: According to a warning from Adobe, the attacks have been observed in the wild against Windows users running Adobe Reader version 9.4.6. An emergency fix is coming next week.

TOPICS: Security

Unknown hackers are exploiting a zero-day vulnerability in Adobe's PDF Reader software to launch "limited, targeted attacks" against high-value Windows users.

According to a warning from Adobe, the attacks have been observed in the wild against Windows users running Adobe Reader version 9.4.6.  Details on the attacks and targets are not known at this time.

The company plans to ship an emergency patch for Adobe Reader and Acrobat 9.x for Windows "no later than the week of December 12, 2011."

The vulnerability is also present in Adobe's newer Reader X software but because there are anti-exploitation roadblocks in that version, the company is in no rush to release Reader X updates to thwart this wave of attacks.

"The reason for addressing this issue quickly for Adobe Reader and Acrobat 9.4.6 for Windows is simple: This is the version and platform currently being targeted. All real-world attack activity, both in this instance and historically, is limited to Adobe Reader on Windows. We have not received any reports to date of malicious PDFs being used to exploit Adobe Reader or Acrobat for Macintosh or UNIX for this CVE (or any other CVE)," according to Adobe security chief Brad Arkin.

Arkin says that focusing this release on just Adobe Reader and Acrobat 9.x for Windows also allows Adobe to ship the update much earlier. "We are conscious of the upcoming holidays and are working to get this patch out as soon as possible to allow time to deploy the update before users and staff begin time off. Ultimately the decision comes down to what we can do to best mitigate threats to our customers," Arkin added.

Arkin also pleaded with Adobe users to upgrade to the latest and greatest versions:

I’d like to take this moment to encourage any remaining users still running Adobe Reader or Acrobat 9.x (or worse, older unsupported versions) to PLEASE upgrade to Adobe Reader or Acrobat X. We put a tremendous amount of work into securing Adobe Reader and Acrobat X, and, to date, there has not been a single piece of malware identified that is effective against a version X install. Help us help you by running the latest version of the software!

Adobe rates this a "critical" issue that currently haunts Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh.

"This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system," Adobe warned.

Talkback

34 comments
  • Good article.

    Recent versions appear to be working better.
    Joe.Smetona
  • Why do they keep making patches for the old versions??

    And more importantly, why don't they just push old new major versions through the update mechanisms of the old ones?

    Bill O'Reilly says "you can't explain that".
    Joe_Raby
    • RE: Adobe PDF Reader zero-day under attack

      @Joe_Raby : old versions are needed because there are applications (that may not be able to be upgraded yet) that are built to integrate at some level or another with specific versions of either Acrobat or Acrobat reader. Corporate use requirements can be a far cry from an individual user's requirements.
      mihondo
    • RE: Adobe PDF Reader zero-day under attack

      @Joe_Raby Because some people might not be able to run the new versions, and Adobe decided that just because they can't run the latest and greatest, that doesn't mean they should be left twisting in the wind.

      Also, as mihondo says, corporate environments might not be using the latest version, so it makes sense to keep the previous versions secure as well.
      Third of Five
  • RE: Adobe PDF Reader zero-day under attack

    I don't use Adobe Reader. Do you?
    hawkeye96
    • RE: Adobe PDF Reader zero-day under attack

      @hawkeye96 Nope. Foxit all the way.
      statuskwo5
      • RE: Adobe PDF Reader zero-day under attack

        @statuskwo5 i second this
        kidjenius
      • RE: Adobe PDF Reader zero-day under attack

        @statuskwo5

        Not anymore. Foxit has become just as bloated recently, as well as multiple hijacks (home page, tool bars, etc.)...
        Bozzer
      • RE: Adobe PDF Reader zero-day under attack

        @statuskwo5

        Right on! You don't have to load the excess baggage (tool bars, etc)
        hdolph@...
    • RE: Adobe PDF Reader zero-day under attack

      @hawkeye96
      Yes I use Adobe Reader, and the security features in Reader 10 are one of the big reasons. Does your PDF reader have sandboxing? All components opt into ASLR?
      mechBgonII
    • RE: Adobe PDF Reader zero-day under attack

      @hawkeye96 Yes, I use it.
      tom@...
    • RE: Adobe PDF Reader zero-day under attack

      @hawkeye96

      Nah I stopped using that buggy mess over a year ago, Foxit loads faster and you don't have to install its optional plugins, such as the offered toolbar, etc.

      With Adobe they force all that other worthless junk, Adobe Air, Speed Launcher, Arm and other stuff onto you even if you tell it not to include those things. I personally don't see a need to have parts of a PDF viewer loading when my OS loads, that only serves to slow boot time down and has little to no use in a practical way. Shame on Adobe for the bloatware and an unnecessarily slow loading software. Now only if I could find a replacement for Flash Player.
      brittonburton@...
  • RE: Adobe PDF Reader zero-day under attack

    "I'd like to take this moment to encourage any remaining users still running Adobe Reader or Acrobat 9.x..."

    Interesting statement...'any remaining users', not good for PR, but, are there any?

    I've been using Foxit Reader (and uninstalled the Adobe Reader bloatware) since it was first released. It has to be 10 times faster (probably 20) to view a pdf.
    (I just hate those sites that 'force' you to use it)
    scudrunner
    • RE: Adobe PDF Reader zero-day under attack

      @scudrunner
      Sorry, if Adobe is slowing your PC down then it's time for a new PC, buddy... the resource usage is practically obsolete... so how it can be slow, I wouldn't understand
      mad-doggie
      • RE: Adobe PDF Reader zero-day under attack

        @mad-doggie

        If Adobe products are constantly insecure to the point where Adobe is updating one of its products every week, and constantly bloated to the point where a new PC is required to run them, shouldn't we just do away with Adobe products and make do without the vulnerable and bloated software? I am still using a 2.6 GHz P4, and it is still faster than my internet connection. I do not need a faster PC at this point in my life. I am not going to upgrade to accommodate Adobe's bloatware, nor should I be expected to.

        Seriously, think about your reasoning. If Firestone started making solid lead tires, are you going to buy a new car with a bigger engine to push them around, or are you going to not use solid lead tires? I choose not to use solid lead tires. I also choose not to use Adobe products that I can do without. I use Foxit whenever I can, and hope I see the day when Flash is replaced with html5. (The constant updating is pissing me off!)

        (PS I just threw the name Firestone out there. I have no beef with them. Insert any manufacturer.)
        mlashinsky@...
    • RE: Adobe PDF Reader zero-day under attack

      @scudrunner

      A website cannot Force you to use anything, simply download the PDF and open it in whatever reader you like.
      Bozzer
      • RE: Adobe PDF Reader zero-day under attack

        @Bozzer

        Yeah, about that, many financial websites just don't work with Foxit, and the workarounds aren't a good option at work. I might be able to do it, but I cannot expect my users to.
        mlashinsky@...
  • What?!?

    Heavens forbid! Adobe having a zero day vulnerability? Has to be a misprint? A dreadful reporting error?

    (...said with more than just a hint of cynical sarcasm)
    thx-1138_
    • A dreadful reporting error?

      @thx-1138_@...
      Unfortunately not!
      But don't worry I'm confident that Adobe will soon get the PDF Reader software back to its fine, swift, stability that it's always been the hallmark of this customer-centric company...

      ...oops back to the real world!
      Agnostic_OS
  • RE: Adobe PDF Reader zero-day under attack

    Adobe 10 reader changed all my Icons to the Adobe graphic. I uninstalled Adobe and my Icons returned to normal. Removed every trace of Adobe reader and tried to reinstall several times and the same problem resulted. So I found FOXIT and it has a lot of great features.
    jcohen1426@...