Adobe PDF Zero-Day Flaw Enables Location Tracking
3:26 PM EST Mon. Apr. 29, 2013
McAfee has detected ongoing attacks targeting an Adobe Reader zero-day vulnerability that could let attackers track when and where a malicious file is opened.
The firm said it detected malicious PDF files that can enable a sender to see when and where a file is opened, wrote Haifei Li, a McAfee threat researcher. While the flaw is not serious -- it doesn't enable remote code execution -- it can be used as part of a targeted attack campaign, Li wrote.
"We don't want to overvalue the issue. However, we do consider this issue a security vulnerability," Li wrote. "Our investigation shows that the samples were made and delivered by an 'email tracking service' provider. We don't know whether the issue has been abused for illegal or APT attacks."
Adobe has not yet confirmed the vulnerability, according to McAfee. A targeted attack often collects data from the victim, and exploiting the flaw opens the possibility of stealing sensitive data on individual behaviors and use patterns, Li said.
Li said the vulnerability is an example of how traditional security technologies that monitor for memory corruption and code execution will miss the malicious nature of the PDF files. McAfee used its behavioral analysis capabilities to detect and flag the unusual behavior of the files, Li said.
The last exploits targeting an Adobe zero-day vulnerability emerged in March and were detected in targeted attacks against activists in Uyghur in Central Asia and activists in Tibet.
Security firms Kaspersky Lab and FireEye reported on ItaDuke because it resembled the Duqu Trojan, data-stealing malware used in a campaign believed to be driven by China against manufacturers.
PUBLISHED APRIL 29, 2013