In association with heise online

20 February 2009, 10:29

Zero day hole in Adobe Reader and Acrobat


Adobe has warned of a critical hole in Adobe Reader and Acrobat for all operating systems. The hole can be exploited to infect computers with malware. Although attackers are already actively exploiting the flaw, Adobe reportedly does not plan to release a patch or update that closes the hole in the series 9 versions until the 11th of March. Updates for version 7 and version 8 are to follow shortly thereafter.

For a successful attack to occur, the victim has to open a specially crafted PDF file. According to the Shadowserver Foundation, an association of several security specialists that monitor botnets, malware and phishing activities, users can prevent the hole from being exploited by disabling JavaScript in Adobe Reader and Acrobat. To do this, untick the "Enable Acrobat JavaScript" box in the Edit/Preferences/JavaScript menu.

Several anti-virus software manufacturers already detect the zero day exploit as Trojan.Pidief and block it. While Symantec appears to have had a signature that protects users from this exploit since the 12th of February, it has only assigned a low rating to this threat. At the moment, the exploit is reportedly only used for targeted attacks. However, experience shows that this tends to change rather quickly, and malformed PDF documents can be expected to appear on web pages soon.

The exact origin of the hole is unknown. According to the specialists at Shadowserver, the exploit initially deploys the malicious code in memory, via heap spraying, to be accessed at a later stage. As it uses JavaScript to do so, disabling JavaScript is a viable workaround.
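Because the exploit depends on JavaScript, a mail or web gateway can hold PDF files that carry script until a patch is available. The following triage scan is an added example, not part of the original article and not code from Adobe or Shadowserver; the function names and sample byte strings are constructed for illustration.

```python
import re

# Names that mark embedded script (hold the file) or automatic actions (context).
SCRIPT_KEYS = ("JS", "JavaScript")
AUTO_KEYS = ("OpenAction", "AA")

# A PDF name is "/" followed by a run of non-delimiter, non-whitespace bytes.
NAME_RE = re.compile(rb"/([^\s/\[\]()<>{}%]+)")
HEX_ESCAPE_RE = re.compile(rb"#([0-9A-Fa-f]{2})")

# Constructed samples, not taken from any real document.
PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SCRIPTED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
            b"3 0 obj\n<< /S /JavaScript /JS (app.alert\\(1\\);) >>\nendobj\n")
ESCAPED = b"%PDF-1.4\n3 0 obj\n<< /S /J#61vaScript /#4AS 4 0 R >>\nendobj\n"


def decode_name(raw: bytes) -> str:
    """Undo #XX hex escapes, which PDF permits inside name objects."""
    decoded = HEX_ESCAPE_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw)
    return decoded.decode("latin-1")


def scan_pdf(data: bytes) -> dict:
    """Count script-related names visible in the raw bytes of a PDF.

    Names stored inside compressed streams are not seen by this scan.
    """
    counts = {key: 0 for key in SCRIPT_KEYS + AUTO_KEYS}
    for match in NAME_RE.finditer(data):
        name = decode_name(match.group(1))
        if name in counts:
            counts[name] += 1
    return counts


def needs_review(data: bytes) -> bool:
    """True when the file declares JavaScript and should be held for review."""
    counts = scan_pdf(data)
    return any(counts[key] for key in SCRIPT_KEYS)


if __name__ == "__main__":
    for label, sample in (("plain", PLAIN), ("scripted", SCRIPTED),
                          ("escaped", ESCAPED)):
        print(label, needs_review(sample), scan_pdf(sample))
```

A clean result only covers what is visible in the raw bytes, so it complements rather than replaces disabling JavaScript in the reader.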

