New zero-day flaw in Adobe Reader already being exploited by phishers

Adding a sandbox to Adobe Reader was easily one of the best security moves the company ever made, but it wasn’t the silver bullet that ended all its woes. For example, just days after Adobe issued an out-of-band patch to address critical flaws, a new exploit has been discovered — and it’s already being put to bad use by criminals in targeted phishing attacks. That free McAfee Security Scan download Adobe offered you probably isn’t going to offer any real protection here.

Security researchers at FireEye spotted the new attack in the wild. After successfully exploiting a vulnerable version of Adobe Reader, the malicious PDF drops its payload: two DLLs that work in tandem. The first causes a bogus error message to be displayed and acts as a misdirect, while the other embeds itself on the compromised system and begins phoning home to remote servers. FireEye swiftly reported the exploit to Adobe, which quickly updated its Security Incident Response blog with an acknowledgement.

Adobe’s post says that the zero-day is being investigated and that the most recent version of Reader (11.0.1) is indeed vulnerable. The company is moving on to risk assessment and will update the public on its findings.

It’s possible FireEye happened upon an isolated incident, but that’s not generally the case with Reader exploits. Once exploits like these prove successful, they tend to spread rapidly. PDF exploits can be particularly nasty since they’re typically linked to intricate social engineering schemes and spearphishing campaigns — like the one that saw RSA compromised last year. Typically, these attacks are launched against people with sensitive information to protect, like defense contractors, government agencies, and activists.

It’s always best to avoid opening unsolicited and sketchy-sounding PDF files (like waybills from UPS or invoices for things you don’t recall buying), but that’s especially true right now. Until Adobe has taken care of this latest flaw, it’s probably best to preview PDF files with Google’s web-based tool or a free app like Sumatra PDF that isn’t vulnerable.
