In association with heise online

08 November 2012, 12:48

Alleged 0day exploit for Adobe Reader in circulation

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Adobe Reader logo

Moscow-based IT security firm Group-IB reports that the current versions of Adobe Reader contain a critical vulnerability that allows attackers to bypass the application's sandbox and inject malicious code into a system. Apparently, an exploit for the Black Hole attack framework is already available for purchase on underground forums – costing approximately $30,000 to $50,000.

In a video posted on YouTube, Group-IB demonstrates the vulnerability using the latest version of Reader XI (11.0); the series 10 versions are also thought to be vulnerable. All of Reader's relevant protective security features – including the sandbox – can be seen as being active in the video. Whether the specially crafted PDF document is executed directly in Reader or in a browser via the Reader plugin doesn't seem to make a difference.

Group-IB demonstrates the vulnerability with Adobe Reader XI

Group-IB has not revealed the origin of the proof-of-concept demo exploit that is shown in the video or disclosed any other details concerning the hole – neither publicly, nor to Adobe. Talking to security blogger Brian Krebs, an Adobe spokesperson said that they haven't been able to verify Group-IB's allegations due to a lack of information. The company said that it now plans to take the initiative and "reach out" to the security firm.


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit