Zero Day

Ryan Naraine and Dancho Danchev

New Adobe PDF zero-day under attack

September 8, 2010, 10:28am PDT

Adobe today sounded an alarm for a new zero-day flaw in its PDF Reader/Acrobat software, warning that hackers are actively exploiting the vulnerability in-the-wild.

Details on the vulnerability are not yet public but the sudden warning from Adobe is a sure sign that rigged PDF documents are being used by malicious hackers to take complete control of machines with the latest versions of Adobe Reader/Acrobat installed.

Here’s Adobe’s warning:

A critical vulnerability exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2883) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild.

Adobe is in the process of evaluating the schedule for an update to resolve this vulnerability.

Ominously, Adobe said it cannot offer any pre-patch advice to help users thwart the attacks.

Unfortunately, there are no mitigations we can offer. However, Adobe is actively sharing information about this vulnerability (and vulnerabilities in general) with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available. As always, Adobe recommends that users follow security best practices by keeping their anti-malware software and definitions up to date.

An Adobe spokeswoman described the attacks as “limited” but warned that that could change with the availability of public exploit code. She said the company was notified of the attacks yesterday (Tuesday September 7, 2010) via information from a private partner company.

Affected software includes:

  • Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX
  • Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh

The next batch of Adobe Reader/Acrobat patches is scheduled for October 12, 2010 but it is likely the company will ship an out-of-band update for this issue.

UPDATE: A sample PDF from the attack is publicly available. It targets Windows users, affects Acrobat 8 and 9, exploits multiple versions at once, and bypasses DEP and ASLR.

Disclosure

Ryan Naraine

The most important disclosure is of my employment with Kaspersky Lab as a security evangelist. Kaspersky Lab is a global company specializing in anti-malware and secure content management technologies. I do not own stocks or other investments in any technology company.

Biography

Ryan Naraine

Ryan Naraine is a journalist and social media enthusiast specializing in Internet and computer security issues. He is currently security evangelist at Kaspersky Lab, an anti-malware company with operations around the globe. He is taking a leadership role in developing the company's online community initiative around secure content management technologies.

Prior to joining Kaspersky Lab, Ryan was Editor-at-Large/Security at eWEEK, leading the magazine's and Web site's coverage of Internet and computer security issues and managing the popular SecurityWatch blog, covering the daily threats, vulnerabilities and IT security technologies. He also covered IT security, hacker attacks and secure content management topics for Jupiter Media's internetnews.com.

Ryan can be reached at naraine SHIFT 2 gmail.com. For daily updates on Ryan's activities, follow him on Twitter.

Talkback Most Recent of 36 Talkback(s)

  • Exactly why Flash needs to go...
    PDF and Flash are great formats, but the closed nature of both formats and the fact that the whole world has to wait for a single company to address the issue (instead of the browser teams and OS teams independently working on solutions) makes me for one very nervous. It's exactly this level of dependence on a single company that makes me think Jobs/Apple was right to not put Flash into iOS, and makes me very worried about Android now that they HAVE put Flash into their OS (especially considering how slowly patches for mobile OS's come out compared to desktop OS's).
    timothyt@...
    8th Sep 2010
  • dragosani
    8th Sep 2010
  • RE: New Adobe PDF zero-day under attack
    @dragosani
    Don't bother...he'll just report you as spam too!

    Update! Guess the moderator saw that it wasn't spam!
    My post came back!
    wizard57m@...
    8th Sep 2010
  • Say what?
    @timothyt@... quote "It's exactly this level of dependence on a single company that makes me think Jobs/Apple was right to not put Flash into iOS, "
    OK, let's forget that this blog post didn't mention Flash at all and get that out of the way! end quote
    The PDF vulnerability is also cross-platform. You do know what that means, don't you? Here..."Here's Adobe's warning:

    "A critical vulnerability exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh."

    OK, got that out of the way. Finally...you rant against dependence on a single company, and to support your position you use Apple as your example? Is Apple now made up of more than a single company? Closed nature of Flash and PDF? Ever hear of OSFlash for Flash or PDFCreator for PDFs?
    ps...use the "search" function on your iPad prior to posting.
    wizard57m@...
    8th Sep 2010
  • This has NOTHING to do . . .
    @timothyt@...

    With Flash. And as for .pdf, there are several readers you can use, you don't have to use Adobe's. There is Foxit Reader, and Nitro PDF Reader, both of which are good.

    As for the closed format issue, I suggest you read this before sticking your foot any further down your throat:

    http://en.wikipedia.org/wiki/Portable_Document_Format

    And one more thing:

    Stop Trolling!!! There are better ones than you, and they don't even have to resort to sounding like a 5 year old (most of the time anyway).
    JLHenry
    8th Sep 2010
  • Exactly why ZD need to go
    horseshit terms like "zero day", used over and over for years but never defined.

    We have an ample language, yet these "journalists" seem unable to communicate with it.

    This is reminiscent of L.A.'s "red flag alerts". WTF is that supposed to mean? "Holy crap, dudes, RED FLAGS are raining down from the heavens!"
    dgurney
    16th Sep 2010
  • Adobe reader vs Foxit
    Big fan of Foxit. Are they under the same vulnerabilities as Adobe or just not enough hacker interest to try?
    powaymojo
    8th Sep 2010
  • Foxit
    @powaymojo
    I don't know either, but the last serious vulnerability did affect Foxit (one of my favs too). BRB (checking Foxit web site) Didn't see anything on the Foxit site, not on front page anyhow.
    wizard57m@...
    8th Sep 2010
  • wackoae
    8th Sep 2010
  • RE: New Adobe PDF zero-day under attack
    @powaymojo Yes, they do have some of the same (if not the same) vulnerabilities as Adobe. HOWEVER, they are also a much smaller application so are easier to fix.
    Lerianis10
    9th Sep 2010
  • RE: New Adobe PDF zero-day under attack
    @powaymojo

    I just had a user with Foxit Reader that was infected. It doesn't seem limited to Adobe.
    audidiablo
    9th Sep 2010
  • RE: New Adobe PDF zero-day under attack
    The story does not tell me exactly how this is done. If they would be more explicit in the information I would be able to determine how to protect myself. Does this mean I cannot open any PDF file or send one??
    ranchgirl2
    8th Sep 2010
  • RE: New Adobe PDF zero-day under attack
    I really would like to know if this is an Adobe only problem or a general PDF reader problem, there are many of us who got rid of cluttered and overloaded Adobe reader a long time ago and use FoxIt PDF or something else.
    malcarada
    8th Sep 2010
  • Oh the humanity.
    Folks if you are like me, when you read today's Adobe flaw headline, you mutter, 'who cares?'.

    Why? Because it doesn't matter if:

    o You use Ubuntu with AppArmor profiled Evince (PDF reader)
    o Or your Ubuntu Windows VM instance is set to 'immutable'

    The latter makes anything that *may* get a toehold in your Windows VM session get thrown away when you shutdown the VM. It returns to its original pristine (immutable) state.

    No worries. Be happy.

    Ubuntu Linux: The safest operating system on the planet.

    I stake my reputation on it.
    Dietrich T. Schmitz, ~ Your Linux Advocate
    8th Sep 2010
