In association with heise online

15 December 2009, 10:07

Attacks on unpatched holes in Adobe Reader and Acrobat - Update 2

  • Twitter
  • Facebook
  • submit to slashdot
  • StumbleUpon
  • submit to reddit

Adobe reports that a previously unknown security hole in Adobe Reader 9.2 and Acrobat 9.2 (as well as the respective earlier versions) is already being actively exploited to infect systems. The vendor's security team say they are currently investigating the problem, but they haven't disclosed any details about the cause, the circumstances or the affected operating systems. It also remains unclear whether the attacks are targeted and involve individually prepared PDF documents, or whether web pages are already infecting the PCs of their visitors.

Adobe said that an update will be released once further information has become available. Unfortunately, the vendor doesn't suggest any workarounds to provide protection from the new attacks. Previous holes could often be closed temporarily by disabling JavaScript in the Reader. Users are advised to choose a different PDF reader until Adobe has released an update. The most recent update for Adobe Reader was released in November, closing a total of 29 security holes.

Update - According to the Shadowserver Foundation, an association of several security specialists that monitor botnets, malware and phishing activities, the vulnerability is "in a JavaScript function" and users can protect themselves by disabling JavaScript. The exploit has reportedly been in the wild since at least the 11th of December and version 8.x and 9.x are confirmed to be affected. Acrobat and Reader 7.x, have yet to be tested, but may also be vulnerable. The Shadowserver Foundation says that only five out of 41 different anti-virus scanners currently used by VirusTotal, a service that analyses suspicious files, detected malware in the prepared PDF document it provided. By today, though, most anti-virus vendors had published signatures to detect the vulnerability.

Update 2 - Adobe has now posted a security advisory for its Reader and Acrobat products regarding the critical vulnerability. According to the Adobe, Acrobat and Reader 9.2 and earlier are affected on Windows, Mac OS X and Unix. The company says that it plans to make updates available by the 12th of January to resolve the issue.

See also:


Print Version | Send by email | Permalink:

  • July's Community Calendar

The H Open

The H Security

The H Developer

The H Internet Toolkit