For those who enable JavaScript in Adobe Reader and Acrobat, only to disable it again when a new round of vulnerabilities is made public and attacked, it's time to turn it off again. Adobe has said that a new attack is being carried out online and that a patch will be made available on October 13.
This is the fourth attack on PDF files this year, and according to Trend Micro and other researchers, it centers on the use of JavaScript to execute arbitrary code. The heap spray attack is only one aspect; Trend researchers speculated in a blog post that the present attack vector could be modified to avoid the use of JavaScript.
The Trend blog post noted that the heap-sprayed shellcode jumps to a second piece of shellcode inside the malicious PDF. This second shellcode is what extracts and executes the malware. The malware is a variant of the Portux family, Trend noted, which is known for giving the attacker unrestricted access to the targeted system.
“Adobe is aware of reports of a critical vulnerability in Adobe Reader and Acrobat 9.1.3 and earlier (CVE-2009-3459) on Windows, Macintosh and UNIX. There are reports that this issue is being exploited in the wild in limited targeted attacks; the exploit targets Adobe Reader and Acrobat 9.1.3 on Windows,” Adobe said in their initial notification.
Accordingly, they will fix this issue in their upcoming Reader and Acrobat patch release on October 13. The release will fix all three platforms.
“Adobe Reader and Acrobat 9.1.3 customers with DEP enabled on Windows Vista will be protected from this exploit. Disabling JavaScript also mitigates against this specific exploit, although a variant that does not rely on JavaScript could be possible,” Adobe advised.
In addition to disabling JavaScript, another defense is to ensure that you are using current antivirus applications and detection updates.
More information is here.
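For triage alongside the mitigations above, the following added example (not from Adobe, Trend Micro or the original article) counts JavaScript-related name tokens in a PDF's raw bytes, decoding `#xx` name escapes first. The sample documents are constructed, and content inside compressed streams is not inspected, so a clean result does not rule out a malicious file.

```python
import re

# PDF name tokens that carry script (/JS, /JavaScript) or trigger an action
# automatically when the document or a page opens (/OpenAction, /AA).
WATCHED = ("JS", "JavaScript", "OpenAction", "AA")

# A PDF name is "/" followed by characters up to whitespace or a delimiter.
NAME_RE = re.compile(rb"/([^\x00\t\n\f\r ()<>\[\]{}/%]+)")
HEX_RE = re.compile(rb"#([0-9A-Fa-f]{2})")


def decode_name(raw: bytes) -> str:
    """Undo #xx hex escapes, which can hide a name such as /J#61vaScript."""
    return HEX_RE.sub(lambda m: bytes([int(m.group(1), 16)]), raw).decode("latin-1")


def scan_pdf(data: bytes) -> dict:
    """Count watched names in raw PDF bytes and note hex-escaped ones."""
    counts = {name: 0 for name in WATCHED}
    obfuscated = 0
    for match in NAME_RE.finditer(data):
        raw = match.group(1)
        name = decode_name(raw)
        if name in counts:
            counts[name] += 1
            if b"#" in raw:
                obfuscated += 1  # escaped spelling of a watched name
    return {
        "counts": counts,
        "obfuscated": obfuscated,
        "has_javascript": counts["JS"] + counts["JavaScript"] > 0,
    }


# Constructed sample documents (not taken from any real attack).
SAMPLE_WITH_JS = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 2 0 R >>\nendobj\n"
    b"2 0 obj\n<< /S /J#61vaScript /JS (var constructed = 1;) >>\nendobj\n%%EOF\n"
)
SAMPLE_CLEAN = (
    b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    for label, doc in (("with_js", SAMPLE_WITH_JS), ("clean", SAMPLE_CLEAN)):
        print(label, scan_pdf(doc))
```

A file that reports `has_javascript` together with `/OpenAction` or `/AA` runs script without user interaction and deserves closer inspection before it is opened in a reader with JavaScript enabled.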