August 30, 2014

Adobe Reader Zero-day Vulnerability Patch Coming Today?

(LiveHacking.Com) - Ten days ago Adobe published a security advisory for Adobe Reader and Acrobat detailing a “critical” zero-day vulnerability that was already being actively exploited on the Internet, specifically against Adobe Reader 9.x on Windows.

The vulnerability is present in Adobe Reader and Adobe Acrobat X and 9.x. Reader X and Acrobat X users can protect themselves against it by using Protected View / Mode, but there is no workaround for Adobe Reader 9.x. Adobe therefore promised a new release of Adobe Reader and Adobe Acrobat 9.x to fix the problem. This update is expected today.

According to Brad Arkin, the Senior Director for Product Security and Privacy at Adobe, the rationale behind releasing a hot fix only for Adobe Reader and Acrobat 9 on Windows is that “this is the version and platform currently being targeted.”

Soon after Adobe published details of the vulnerability, researchers at Symantec released details of attacks seen in the wild, saying that the “critical vulnerability has recently been seen exploited in the wild in targeted attack emails sent on November 1st and 5th. This attack leverages the zero-day vulnerability in order to infect target computers with Backdoor.Sykipot.”

To exploit the zero-day vulnerability, the attackers sent out emails with a specially crafted PDF attachment. This PDF uses a bug in Adobe’s Universal 3D (U3D) processing to cause memory corruption and deliver its payload. News reports suggest that the emails targeted defense contractors; however, companies in the telecoms, wholesale, and computer hardware industries have also been targeted.

Adobe Reader X and Adobe Acrobat X users should verify that they are using Protected View / Mode:

  • To verify Protected View for Acrobat X is enabled, go to: Edit > Preferences > Security (Enhanced) and ensure “Files from potentially unsafe locations” or “All files” with “Enable Enhanced Security” are checked.
  • To verify Protected Mode for Adobe Reader X is enabled, go to: Edit > Preferences > General and verify that “Enable Protected Mode at startup” is checked.

Adobe Acrobat has Critical Zero-Day Vulnerability

(LiveHacking.Com) - Adobe has published a security advisory for Adobe Reader and Acrobat detailing a “critical” vulnerability which when exploited can cause a crash and potentially allow an attacker to take control of the affected system. There are also reports that this vulnerability is being actively exploited on the Internet, specifically against Adobe Reader 9.x on Windows.

The vulnerability, which affects Adobe Acrobat X and Adobe Reader X and earlier versions for Windows and Macintosh, and Adobe Reader 9.x versions for UNIX, is in the Universal 3D (U3D) processing. U3D is a compressed file format standard for 3D computer graphics data which is natively supported by PDF. A U3D memory corruption causes the vulnerability and can allow an attacker to take control of the affected system.

Adobe Reader X using Protected Mode and Adobe Acrobat X using Protected View are not vulnerable. Therefore Adobe will release a fix for Adobe Reader 9.x and Acrobat 9.x for Windows no later than the week of December 12, 2011. However, Adobe Reader X and Adobe Acrobat X will be updated in the next quarterly security update which is currently scheduled for January 10, 2012 when the Mac and UNIX versions will also be updated.

According to Brad Arkin, the Senior Director for Product Security and Privacy at Adobe, the rationale behind releasing a hot fix only for Adobe Reader and Acrobat 9.4.6 on Windows is that “this is the version and platform currently being targeted.”

“All real-world attack activity, both in this instance and historically, is limited to Adobe Reader on Windows. We have not received any reports to date of malicious PDFs being used to exploit Adobe Reader or Acrobat for Macintosh or UNIX for this CVE (or any other CVE)” he wrote.

It is therefore essential that Adobe Reader X and Adobe Acrobat X users verify that they are using Protected View / Mode.

  • To verify Protected View for Acrobat X is enabled, go to: Edit > Preferences > Security (Enhanced) and ensure “Files from potentially unsafe locations” or “All files” with “Enable Enhanced Security” are checked.
  • To verify Protected Mode for Adobe Reader X is enabled, go to: Edit > Preferences > General and verify that “Enable Protected Mode at startup” is checked.
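
For administrators who need to check many machines rather than click through Preferences, the two settings above can also be read from the Windows registry. The PowerShell below is an added example, not part of the original posts or of Adobe's advisory; the registry paths and value names (`bProtectedMode`, `iProtectedView`) are assumed to be the Reader X / Acrobat X (10.0) preference locations, and `Get-AdobeSandboxState` is a hypothetical helper name.

```powershell
# Added example: read the registry values behind the two GUI checkboxes.
# Assumption: these are the Reader X / Acrobat X (10.0) preference locations;
# confirm them against your installed build before relying on the result.
$checks = @(
    @{ Product = 'Adobe Reader X'; Setting = 'Protected Mode'
       Name    = 'bProtectedMode'
       Policy  = 'HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\10.0\FeatureLockDown'
       User    = 'HKCU:\Software\Adobe\Acrobat Reader\10.0\Privileged'
       Meaning = @{ 0 = 'Disabled'; 1 = 'Enabled' } },
    @{ Product = 'Adobe Acrobat X'; Setting = 'Protected View'
       Name    = 'iProtectedView'
       Policy  = 'HKLM:\SOFTWARE\Policies\Adobe\Adobe Acrobat\10.0\FeatureLockDown'
       User    = 'HKCU:\Software\Adobe\Adobe Acrobat\10.0\TrustManager'
       Meaning = @{ 0 = 'Disabled'
                    1 = 'Files from potentially unsafe locations'
                    2 = 'All files' } }
)

function Get-RegValue([string]$Path, [string]$Name) {
    # Returns $null when the key or the value does not exist.
    $item = Get-ItemProperty -Path $Path -Name $Name -ErrorAction SilentlyContinue
    if ($null -ne $item) { $item.$Name } else { $null }
}

function Get-AdobeSandboxState {
    foreach ($c in $checks) {
        # A machine policy value, when present, overrides the per-user preference.
        $source = 'Policy'
        $value  = Get-RegValue $c.Policy $c.Name
        if ($null -eq $value) { $source = 'User'; $value = Get-RegValue $c.User $c.Name }

        if ($null -eq $value) {
            # Nothing written yet: report it instead of guessing the default.
            $source = 'None'
            $state  = 'Not set (product default applies; confirm in the GUI)'
        } elseif ($c.Meaning.ContainsKey([int]$value)) {
            $state = $c.Meaning[[int]$value]
        } else {
            $state = "Unexpected value $value"
        }
        [pscustomobject]@{ Product = $c.Product; Setting = $c.Setting
                           Source  = $source;    RawValue = $value; State = $state }
    }
}

Get-AdobeSandboxState | Format-Table -AutoSize
```

The per-user values are read from the hive of the account running the script, so run it in each user's context or load the other users' hives when auditing a shared machine.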

New Security Hole Found in Adobe Acrobat Reader

Adobe has announced a potential vulnerability in Adobe Reader.

According to the Adobe blog, there is a possibility of denial of service and arbitrary code execution. The vulnerability might be mitigated in Adobe Reader 9.2 or later and 8.1.7 or later by utilizing the JavaScript Blacklist Framework. Note that Adobe Acrobat is not affected by this issue.

Visit the Adobe blog for more information about this vulnerability.