This article was published on February 13, 2013

New vulnerability in latest versions of Adobe Reader is being exploited in the wild: Use another PDF reader


New vulnerability in latest versions of Adobe Reader is being exploited in the wild: Use another PDF reader

A new Adobe Reader 0-day vulnerability has been discovered, and is already being exploited in the wild. Currently, disabling Adobe Reader and using another PDF reader is the only way to protect your computer.

The finding comes from FireEye, which says the critical vulnerability allows criminals to inject malicious code into a system. The company says it has confirmed successful exploitation on the latest versions of Adobe Reader, including 9.5.3, 10.1.5, and 11.0.1.

FireEye researchers say they encountered a specially crafted PDF document which drops two DLLs on Windows when opened. It’s unclear if the sample was captured as a result of one of the company’s clients being targeted, or if the researchers discovered the attack elsewhere on the Web.

Threats could of course vary, but in this case the first DLL shows a fake error message and opens a decoy PDF document (common in targeted attacks) to cover up what is happening behind the scenes. The second DLL meanwhile drops the callback component which talks over HTTP to a remote domain (to communicate with the criminals).

The security firm recommends users should only use Acrobat Reader to open PDF documents from trusted sources and should disable the Adobe PDF plugin inside browsers. We recommend that you avoid using Adobe Reader until a patch is released (I personally use Foxit).

FireEye says it has contacted Adobe, which is currently investigating the report. The issue might be related to this recent statement from Adobe made on Tuesday:

Adobe is aware of a report of a vulnerability in Adobe Reader and Acrobat XI (11.0.1) and earlier versions being exploited in the wild. We are currently investigating this report and assessing the risk to our customers. We will provide an update as soon as we have more information.

We have contacted Adobe about this latest flaw for more information and to confirm this is the same one. We will update this article if we hear back.

Update: Yes, it’s the same one. Stay clear of Adobe Reader until a patch is out.

Image credit: Robert Linder

Get the TNW newsletter

Get the most important tech news in your inbox each week.

Also tagged with


Published
Back to top