Adobe issues advisory on new PDF vulnerability – patch due March 11 (UPDATE 3)

Update 3:

New attack vectors for this vulnerability are starting to crop up. Perhaps Adobe should push the patch out sooner than the 11th.

The newest Proof-of-Concept, thanks to Didier Stevens, explains how the PDF vulnerability can be exploited with no interaction on the part of the end user.

Using Windows Explorer Shell Extensions, Stevens created a direct path to exploitation that can be triggered by merely selecting a malicious PDF file. No need to open it, just click on it once, or hover over it with the mouse.

If the malicious file is in a folder and the Thumbnail option is set, the exploit could be triggered as well.

More information is here. (Video included)

Update 2:

There is more information on the recent PDF vulnerability discovered by the Shadowserver Foundation and confirmed by Adobe.

Researchers at Secunia have done additional testing on the vulnerability. As it turns out, disabling JavaScript will not prevent exploitation.

"Over the last couple of days, we have seen many sources recommend users to disable support for JavaScript in Adobe Reader/Acrobat to prevent exploitation. While this does prevent many of the currently seen exploits from successfully executing arbitrary code (as they rely on JavaScript), it does not protect against the actual vulnerability," Secunia said.

"During our analysis, Secunia managed to create a reliable, fully working exploit (available for Secunia Binary Analysis customers), which does not use JavaScript and can therefore successfully compromise users, who may think they are safe because JavaScript support has been disabled."

There are fourteen days left until Adobe pushes a patch for this issue. In the meantime, security experts, Secunia included, are warning users to exercise extreme caution when opening PDF files, regardless of whether they have disabled JavaScript.

Update:

The vulnerability research team at Sourcefire (of Snort fame) has issued a patch of its own for the Adobe PDF issue. This patch is not official, and ONLY for version 9 of Adobe Reader. If you are on an earlier version, such as version 8, then you will have to wait for a solution. More details of the patch can be found here.

Original story is below:

A new vulnerability in Adobe’s Acrobat Reader 9 and Acrobat 9, as well as earlier versions, has been discovered by the Shadowserver Foundation. Adobe issued an official advisory on Friday, and said it expects to patch the flaw on March 11, with updates to earlier versions to follow soon after.

“A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited,” Adobe stated in the advisory.

PDF files are a popular target for online criminals, as PDF is an almost universal format for documentation and communication in both the business and private spheres.

“The potential of an exploit like this is only limited by the imagination [of] malicious users,” said Jonathan Leopando of Trend Micro. “It spreads the same way normal PDF files can be distributed - either as an e-mail attachment, or downloaded from Web sites.”

On Thursday, the Shadowserver Foundation went public with details on the vulnerability, including the fact that it is being actively exploited on a limited scale.

“Right now we believe these files are only being used in a smaller set of targeted attacks,” the foundation outlined. “However, these types of attacks are frequently the most damaging and it is only a matter of time before this exploit ends up in every exploit pack on the Internet. As a result we are also not going to provide any specific details on how the exploit works despite the fact that information is known.”

The fix, until Adobe releases an official patch, is to disable JavaScript within Acrobat Reader and Acrobat products.

To do so, click Edit, then Preferences, select JavaScript, and uncheck “Enable Acrobat JavaScript”.

Once the patch is released, Adobe urges customers to apply the patch immediately. In the meantime, the mitigation offered by disabling JavaScript will be the only course of action users can take.
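For administrators who want to verify the two points this story touches on across a Windows machine, the JavaScript setting described above and the Explorer preview/thumbnail handlers that Update 3 says can trigger the flaw without opening a file, here is an added audit script. It is not from the article, Adobe, Sourcefire or Secunia, and it makes two assumptions that should be checked against your own installation: that Reader/Acrobat keep the “Enable Acrobat JavaScript” preference as the `bEnableJS` DWORD under `HKCU:\Software\Adobe\<product>\<version>\JSPrefs`, and that Explorer looks up the `.pdf` preview and thumbnail handlers under the standard `ShellEx\<interface GUID>` subkeys of the extension or its ProgID. The `-DisableJavaScript` switch is a hypothetical option added here; per Update 2 it mitigates only the JavaScript-based exploits seen so far, not the underlying bug.

```powershell
# Added example (not part of the original article). Audits, and optionally
# applies, the JavaScript mitigation, and lists which Explorer shell
# extensions are registered for .pdf. Registry locations are assumptions.

function Get-AcrobatJavaScriptState {
    # Assumed layout: HKCU\Software\Adobe\<product>\<version>\JSPrefs\bEnableJS
    $products = @('Acrobat Reader', 'Adobe Acrobat')
    $versions = @('8.0', '9.0')
    foreach ($p in $products) {
        foreach ($v in $versions) {
            $key = "HKCU:\Software\Adobe\$p\$v\JSPrefs"
            if (-not (Test-Path $key)) { continue }
            $val = (Get-ItemProperty -Path $key -ErrorAction SilentlyContinue).bEnableJS
            [pscustomobject]@{
                Product   = $p
                Version   = $v
                Key       = $key
                # Absent value means the product default (JavaScript enabled)
                JSEnabled = if ($null -eq $val) { $true } else { [bool]$val }
            }
        }
    }
}

function Set-AcrobatJavaScriptDisabled {
    # Writes bEnableJS = 0 for every installed product/version found above
    foreach ($state in Get-AcrobatJavaScriptState) {
        Set-ItemProperty -Path $state.Key -Name 'bEnableJS' -Value 0 -Type DWord
        Write-Host "Disabled JavaScript for $($state.Product) $($state.Version)"
    }
}

function Get-PdfShellExtensions {
    # Standard shell extension interface GUIDs (well known, not Adobe-specific)
    $handlers = @{
        '{8895b1c6-b41f-4c1c-a562-0d564250836f}' = 'Preview handler'
        '{e357fccd-a995-4576-b01f-234630154e96}' = 'Thumbnail provider'
    }
    $roots = @('HKLM:\SOFTWARE\Classes', 'HKCU:\Software\Classes')
    foreach ($root in $roots) {
        $extKey = "$root\.pdf"
        if (-not (Test-Path $extKey)) { continue }
        # Check both the extension itself and the ProgID it points to
        $progId = (Get-ItemProperty -Path $extKey -ErrorAction SilentlyContinue).'(default)'
        $candidates = @("$extKey\ShellEx")
        if ($progId) { $candidates += "$root\$progId\ShellEx" }
        foreach ($base in $candidates) {
            foreach ($guid in $handlers.Keys) {
                $hk = "$base\$guid"
                if (Test-Path $hk) {
                    $clsid = (Get-ItemProperty -Path $hk -ErrorAction SilentlyContinue).'(default)'
                    [pscustomobject]@{
                        Handler = $handlers[$guid]
                        Where   = $hk
                        CLSID   = $clsid
                    }
                }
            }
        }
    }
}

param([switch]$DisableJavaScript)

Write-Host '== Acrobat/Reader JavaScript setting (HKCU) =='
Get-AcrobatJavaScriptState | Format-Table -AutoSize

Write-Host '== Explorer shell extensions registered for .pdf =='
$ext = Get-PdfShellExtensions
if ($ext) { $ext | Format-Table -AutoSize } else { Write-Host 'none found' }

if ($DisableJavaScript) { Set-AcrobatJavaScriptDisabled }
```

Run it once without arguments to see the current state; any row with `JSEnabled = True` still has Acrobat JavaScript on, and any preview or thumbnail handler listed means Explorer will hand a selected or hovered PDF to the Reader code path that Update 3 describes. The `-DisableJavaScript` switch only changes the per-user preference and does nothing about the shell extensions, so it is no substitute for the March 11 patch.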
