“While the distribution of this exploit thus far appears to be targeted, new variants are expected as more information is made public,” the researcher continued. “The attacks, found in the field, use the infamous heap spray method via JavaScript to achieve control of code execution.” “In parsing a specially-crafted embedded object, a bug in the reader allowed the attacker to overwrite memory at an arbitrary location,” blogged McAfee researcher Geok Meng Ong. With attacks being targeted initially, and becoming more wide spread I would have thought immediate patching would have been more suitable. I don’t see how patch management will help here either, the patch won’t be out until 3 weeks after the exploit has become public. Allowing complete control over the system, with the majority of people still using the Administrator account to user their computers on a day-to-day basis – that’s not good. Ok March 11th, only about 3 weeks to get a fix for a potentially very serious problem. If exploited successfully, the bug could allow a hacker to take complete control of a vulnerable system.
The bug is due to an error in the parsing of certain structures in PDF files.
Updates for earlier versions will come later, company officials said in an advisory. Hackers have once again turned to PDF files to spread their wares, this time assaulting a zero-day flaw affecting Adobe Reader and Acrobat.įortunately, the unpatched bug is on the company’s radar, and fixes for Adobe Reader 9 and Acrobat 9 are slated to be available March 11. Adobe officials say a fix for the issue will be available for Adobe Reader and Adobe Acrobat in the coming weeks. Hackers are targeting a zero-day vulnerability affecting Adobe Reader and Acrobat with malicious PDF files. This time it’s a zero-day just hit and it is being actively exploited, with the worrying statement made that the fix will come in the ‘ following weeks‘. It was only back in February last year when there was a bug in Adobe Reader, and almost exactly a year later another one. Another flaw in the Adobe product suite! It seems like PDF is turning into a complex animal, complexity of course always brings more security issues.
0 kommentar(er)
