
Adobe investigating Reader, Acrobat exploit reports


DKT27


  • Administrator

Adobe investigating Reader, Acrobat exploit reports

Adobe warned of reports of an attack exploiting a hole in Reader and Acrobat on Monday.

"This afternoon, Adobe received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild," the company said in an advisory on its Security Incident Response Team blog. "We are currently investigating this issue and assessing the risk to our customers. We will provide an update as soon as we have more information."

Three different security vendor partners reported the alleged exploit to the company on Monday afternoon, said Adobe spokeswoman Wiebke Lips. She said she could not provide more details.

Last week, Adobe released a critical update affecting Flash Player and Adobe AIR.

Meanwhile, some Macintosh users were reporting on the Adobe Forums site that they were having problems installing an update from October that resolved a critical vulnerability in Adobe Reader and Acrobat 9.1.3 that had reportedly been exploited in the wild.

Updated 6:01 p.m. PST with Mac user problems installing update.

Source - CNET

  • Administrator

Symantec confirms zero-day Acrobat, Reader attack

Symantec on Tuesday confirmed a vulnerability in Adobe Acrobat and Reader and said it was being exploited by a Trojan hidden in e-mail attachments.

The malicious Adobe Acrobat PDF file is distributed via an e-mail attachment that "drops and executes when opened on a fully patched system with either Adobe Acrobat or Reader installed," Symantec said in a statement.

Symantec identified the file as Trojan Pidief.H, which targets Windows 98, 95, XP, Windows Me, Vista, NT, 2000 and Server 2003.

The rate of infection is extremely limited and the risk assessment level is very low, according to Symantec.

The exploit has been in the wild since at least last Friday, according to the Shadow Server blog.

"Several tests have confirmed this is a 0-day vulnerability affecting several versions of Adobe Acrobat [Reader] to include the most recent versions of 8.x and 9.x. We have not tested on 7.x, but it may also be vulnerable," the post says. "We did not discover this vulnerability but have received multiple reports of this issue and have examined multiple different copies of malicious PDFs that exploit this issue. This is legit and is very bad."

The vulnerability is in a JavaScript function within Adobe Acrobat Reader itself, the Shadow Server post says, before advising users to disable JavaScript.

Adobe posted a security advisory late on Tuesday saying that it had confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could crash the system and allow an attacker to take control of the computer.

Affected software is Reader 9.2 and earlier for Windows, Macintosh, and Unix, and Acrobat 9.2 and earlier for Windows and Macintosh, Adobe said. The company recommended disabling JavaScript to protect the system.

Adobe had said on Monday night that it was investigating reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild.

Adobe has increasingly had to deal with holes in and exploits targeting its popular software. Adobe issued updates in October that fixed nearly 30 holes in Reader and Acrobat 9.2. Earlier that month, Trend Micro reported on a zero-day exploit targeting Adobe Reader, as well as 9.1.3 and earlier versions of Adobe Systems' Acrobat.

In July, Adobe warned of attacks in which malicious PDF files were exploiting a vulnerability in Flash. And in April a new Reader hole emerged after Adobe fixed a two-month-old critical vulnerability in Adobe Reader 9 and Acrobat 9.

Updated 5:10 p.m. PST with Adobe confirming vulnerability.

Source - CNET



  • Administrator

Adobe to patch zero-day Reader, Acrobat hole

Adobe on January 12 will patch a critical hole in Reader and Acrobat that is being exploited in attacks. That date is the company's next scheduled quarterly security update release.

The zero-day hole, which affects Reader and Acrobat versions 9.2 and earlier, could crash the system and allow an attacker to take control of the computer.


Malicious Adobe Acrobat PDF files are distributed via an e-mail attachment that, when opened, executes a Trojan that targets Windows systems, according to Symantec. The rate of infection is extremely limited and the risk assessment level is very low, the company said.

Adobe decided to issue the patch in cycle in about four weeks rather than work on an earlier patch release because that would take between two and three weeks to deliver and would put the regular quarterly update off schedule, the company said in a blog post.

"The team determined that by putting additional resources over the holidays towards the engineering and testing work required to ship a high confidence fix for this issue with low risk of introducing any new problems, they could deliver the fix as part of the quarterly update on January 12, 2010," Adobe's Brad Arkin wrote.

In the meantime, customers can use a new JavaScript Blacklist mitigation feature that allows for easy disabling of JavaScript, Arkin said.

"Additionally, an informal poll we conducted indicated that most of the organizations we talked with were in favor of [releasing the patch in cycle] to better align with their schedules," he wrote.

Meanwhile, Webroot analyzed the payload of the malware and found that it installs three files that look like Windows system files that are digitally signed with a forged Microsoft certificate. Unlike legitimate Microsoft-signed certificates, these lack an e-mail address and a time stamp, the company said in a blog post.

"Authors of Trojan horse apps rarely go to the trouble of digitally signing files in this way," writes Webroot researcher Andrew Brandt. "It's not clear why they would be digitally signing files, but clearly the person or people behind this are up to no good."

Updated 3:50 p.m. PST with Webroot finding forged Microsoft certificates in the malware.

Source - CNET



Adobe Reader and Adobe Acrobat sure have been targeted for the last few months. I just started using Foxit Phantom and it seems to be a pretty good alternative to Adobe Acrobat.



  • Administrator

Yea, Foxit is really good. Foxit is much smaller in size compared to Adobe Reader. Adobe Reader used to take more than 500-600MB on my PC in all.

In fact, I feel Foxit is far better than Adobe.



I tried Foxit Reader, but there wasn't a way to save Web pages to PDF though. Instead of trying to figure out how to add Foxit PDF Creator, I just uninstalled Foxit Reader and installed Foxit Phantom. Foxit Phantom only takes 22.7 MB in my Program Files (x86) folder. Yeah, Adobe Acrobat was taking about 600 MB or so, which is just too much.



Foxit Phantom lets you:

  • create standards-compliant PDF documents
  • edit PDF files directly when they are created (they say Adobe Acrobat cannot do this)
  • convert any type of printable document, including DOC, SLT, PPT, TXT, E-MAIL, HTML formats (and many others), allowing conversion to a PDF format with just one click
  • merge and split PDF Files
  • use the annotation tools to add comments, highlights, stamps, and more.
  • delete pages, add pages, and assemble new PDF documents
  • password protect documents, add certificate encryption, and sign with digital certificates
  • use form design tools that let you quickly turn your documents into electronic forms for distribution by e-mail or via a website



  • Administrator

Hmm. Thanks for the info. I'll use it as soon as I find a medicine for it. Don't worry, I'm an expert in it. ;)



  • Administrator

Yea, thanks for the info.

It's posted here -

I can see no one thanked him. :unsure:

ANW I'll download it later, I'm off.



You're welcome.

:o I downloaded it a long time ago, but I only installed it two days ago. OK, I have thanked the uploader now. Phew!! :)



Archived

This topic is now archived and is closed to further replies.
