adobe reader threat - disable java now

elcentcom posted 15th of December 2009 in Community Voice. 4 comments.

I thought to let you know, if you don't know alrady. Just got mail from ZDnet about this issue.

Source http://blogs.zdnet.com/security/?p=5119&tag=nl.e58

Adobe confirms PDF zero-day attacks. Disable JavaScript now
Posted by Ryan Naraine @ 9:08 am

Categories: Adobe, Arbitrary Code Execution, Browsers, Data theft, Exploit code...


Tags: Adobe Systems Inc., Adobe PDF, JavaScript, Exploit, Zero-day Bug...
Malicious hackers are exploiting a zero-day (unpatched) vulnerability in Adobe’s ever-present PDF Reader/Acrobat software to hijack data from compromised computers.

According to an advisory from Adobe, the critical vulnerability exists in Adobe Reader and Acrobat 9.2 and earlier versions. It is being exploited in the wild.

The company has activated its security response process but declined to offer any more details until an investigation is complete.

Unfortunately, the company did not provide any mitigation guidance for customers.

The folks at ShadowServer describe the situation as “very bad.”

We did not discover this vulnerability but have received multiple reports of this issue and have examined multiple different copies of malicious PDFs that exploit this issue. This is legit and is very bad.

Here’s what we know so far:

We can tell you that this exploit is in the wild and is actively being used by attackers and has been in the wild since at least December 11, 2009. However, the number of attacks are limited and most likely targeted in nature. Expect the exploit to become more wide spread in the next few weeks and unfortunately potentially become fully public within the same timeframe. We are fully aware of all the details related to the exploit but do not plan to publish them for a few reasons:

There currently is no patch or update available that completely protects against this exploit.


There is little to no detection of these malicious PDF files from most of the major Antivirus vendors.


With that said we can tell you that this vulnerability is actually in a JavaScript function within Adobe Acrobat [Reader] itself. Furthermore the vulnerable JavaScript is obfuscated inside a zlib stream making universal detection and intrusion detection signatures much more difficult.

In the interim, Adobe PDF Reader/Acrobat users are urged to immediately disable java script:

Click: Edit -> Preferences -> JavaScript and uncheck Enable Acrobat JavaScript

Or, better yet, use an alternative PDF Reader software program

 
Comments
·Oldest
·Top
Please login to post a comment.
mallorca
mallorca15th of December 2009
 
Thanks for posting that!
PermalinkReplyPlus0 pluses
SkyForum
SkyForum16th of December 2009
 
Yessir. Very helpful....
PermalinkReplyPlus0 pluses
Xtlman
Xtlman17th of December 2009
 
That is NOT what the Adobe website says in regards to its advisory and they do have a temporary patch available which is basically a Java Blacklist update to the registry.
PermalinkReplyPlus0 pluses
elcentcom
elcentcom22nd of December 2009to Xtlman
 
the adobe fix was supplied yesterday. There was no patch before that.
PermalinkReplyPlus0 pluses
 
 
Home
Features
Pricing
Hosting
Support
About
StartDemo
Below is the legacy version of the Boonex site, maintained for Dolphin.Pro 7.x support.
The new Dolphin solution is powered by UNA Community Management System.

Blogs

Dolphin.Pro News
BoonEx News
Our Journey
Social Software World
Community Voice

Help

Support Forums
Documentation
BoonEx at GitHub
Custom Jobs
Contact Support Team

Product

Dolphin.Pro Features
Live Demo & Sandbox
Download Packages
Pricing & Order
Contact Sales Team

Company

Contact Us
About BoonEx
Privacy Policy
Terms & Conditions
© BoonEx Pty Ltd
SSL
© BoonEx
Home
Features
Pricing
Support
Hosting
About
Demo
PET:0.050858974456787