
Adobe Warns Of Attack Exploiting Zero Day Flaw

By Stefanie Hoffman, CRN
September 08, 2010    6:00 PM ET

Adobe warned Wednesday that a zero day vulnerability in both Reader and Acrobat is being actively exploited for attacks in the wild.

The exploit, which Adobe categorized with the highest severity rating of "critical," was distributed via a phishing attack, indicated by the e-mail subject line "David Leadbetter's One Point Lesson."

The attack affects the latest versions of Acrobat and Reader -- Adobe Reader 9.3.4, 8.2.4 and earlier versions for Windows, Mac and UNIX, as well as Adobe Acrobat 9.3.4 and earlier versions for both Windows and Mac.

Details of the attack are scarce. But essentially, the vulnerability stems from a boundary error in the font-parsing code of CoolType.dll, which triggers a stack-based buffer overflow when attackers trick a user into opening a malicious PDF file, typically through some kind of social engineering scheme.

Once the malicious PDF file is opened, the vulnerability could cause a user's computer to crash and enable an attacker to launch malicious code allowing them to take complete control of the affected system.

"So the good news is that, as of right now, it's a 'loud exploit,'" said John Bambenek, SANS Institute researcher, in a blog post Wednesday. "Early VirusTotal scans also had partial coverage under various forms of 'suspicious PDF' categories."

Adobe said in a security advisory that it is currently in the process of evaluating the schedule to determine when a security update repairing the flaw could be released.

Until the company delivers a fix, Adobe suggests that users reduce the risk of attack by keeping their anti-malware software and definitions up to date.

"At this point, standard precautions apply (don't open PDF's from strangers)," Bambenek said, "and this can probably only really be used in a phishing style scenario."

