Wednesday, December 7, 2011

Be very careful reading PDFs on the web or in email this week.

I've seen a lot of stories about this yesterday and today.  Apparently there is a flaw in Adobe Reader that is being exploited right now.   Adobe is expected to release a patch next week, but for now, I recommend using an alternate PDF reader.  The lightest-weight alternative is Sumatra PDF, which I use, but I also use Foxit Reader. If you use Foxit Reader, be sure to disable Javascript.

The last link below, at GFI.com, includes some examples of typical PDF malware, so if you would like to see what they would look like please visit that site.

Attackers Hit New Adobe Reader, Acrobat Flaw — Krebs on Security
Malicious hackers are targeting a previously unknown security hole in Adobe Reader and Acrobat to compromise Microsoft Windows machines, Adobe warned today.

Adobe says attackers are taking advantage of a newly discovered critical flaw that exists in Adobe Reader X (10.1.1) and earlier versions for Windows and Mac systems, and Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, as well as Adobe Acrobat X (10.1.1) and earlier for Windows and Mac machines. A security bulletin warns of reports that the vulnerability is being actively exploited in “limited, targeted attacks in the wild against Adobe Reader 9.x on Windows.”

Adobe said it plans to ship an emergency update to address the vulnerability in Reader 9.x and Acrobat 9.x on Windows no later than the week of Dec. 12. Citing protections built into newer versions of its software, however, Adobe said it would not fix the flaw in Reader X or Acrobat X versions for Windows, Mac, or UNIX versions until Jan. 10, 2012, the date of its next scheduled quarterly security update. Adobe’s Brad Arkin explains more about the company’s reasoning behind this decision in a blog post published along with the advisory.

If you are using Adobe Reader or Acrobat, take a moment to make sure you have the latest version. It also never hurts to consider one of several free PDF reader alternatives to Adobe, including Foxit, PDF-Xchange Viewer, Nitro PDF and Sumatra PDF.


Adobe PDF Reader zero-day under attack | ZDNet

By | December 6, 2011, 12:49pm PST

Summary: According to a warning from Adobe, the attacks have been observed in the wild against Windows users running Adobe Reader version 9.4.6. An emergency fix is coming next week.

Unknown hackers are exploiting a zero-day vulnerability in Adobe’s PDF Reader software to launch “limited, targeted attacks” against high-value Windows users.

According to a warning from Adobe, the attacks have been observed in the wild against Windows users running Adobe Reader version 9.4.6.  Details on the attacks and targets are not known at this time.

The company plans to ship an emergency patch for Adobe Reader and Acrobat 9.x for Windows “no later than the week of December 12, 2011.”

The vulnerability is also present in Adobe’s newer Reader X software but because there are anti-exploitation roadblocks in that version, the company is in no rush to release Reader X updates to thwart this wave of attacks.

Adobe Security Advisories: APSA11-04 - Security Advisory for Adobe Reader and Acrobat
A critical vulnerability has been identified in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh. This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows.
PDF Malware is Back in Season
Avid readers of the GFI Labs blog can attest that they’re no strangers to this kind of attack: one receives an email purporting to have come from a legitimate company with an attached Adobe .PDF file claiming that it’s either a receipt, a document, or a ticket. Claims of what the attachment is supposed to be varies, but what remains consistent is that the email always instructs recipients to open it and / or save it on their computer. What happens more often is that systems get infected and users are left wondering what happened.

No comments: