New zero day vulnerability being exploited in Adobe Acrobat and Reader
December 16, 2009
I have just read security reports about a new critical vulnerability in Adobe's PDF programs, Acrobat and Reader, which is being actively exploited in the wild. This comes on the heels of a large security update that Adobe just released in early December, 2009, which patched those programs for other vulnerabilities. There seems to be no end to exploits targeting Adobe products (PDF programs, Shockwave and Flash).
Adobe announced in their security advisory APSA09-07 that a patch would be released by January 12, 2010, which is coincidentally the next Patch Tuesday for Microsoft users.
Here is a quote from advisory APSA09-07:
"Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild."
Adobe recommends customers use one of the workarounds below until a patch is available.
Customers using Adobe Reader or Acrobat versions 9.2 or 8.1.7 can utilize the Adobe JavaScript Blacklist Framework to prevent this vulnerability. Please refer to the aforementioned TechNote for more information. There is some doubt in security circles that this is really going to be effective.
Or, totally disable JavaScript in Adobe Reader or Acrobat, as follows.
- Launch Acrobat or Adobe Reader.
- Select Edit > Preferences
- Select the JavaScript Category
- Uncheck the "Enable Acrobat JavaScript" option
- Click OK
If your version of Windows supports it, enabling "DEP" for Acrobat or Reader limits the potential of the attack to crashing the applications, rather than taking over the computer. It is a recommended step to take.
Be sure to watch for the official patch on January 12, 2010, or sooner. If you have disabled JavaScript in Adobe Acrobat and/or Reader, and wish to start using it again, undo the option listed above after applying the upcoming patch.
Trend Micro Internet Security products, for home and office users, use in-the-cloud malware definitions that are updated every day, all day, as soon as new or altered strains of viruses and other malware are detected in the wild and analyzed. By offloading the bulk of these ever changing virus definitions to cloud servers, the load on your computers is greatly reduced. All users of Trend security programs are instantly protected from hostile web pages laden with malware exploits and hostile email, by the Trend Micro Smart Protection Network.
This weblog is licensed under a Creative Commons License.The content on this blog may be reprinted provided you do not modify the content and that you give credit to Wizcrafts and provide a link back to the blog home page, or individual blog articles you wish to reprint. Commercial use, or derivative work requires written permission from the author.
