Adobe Finally Fixes Remote Launch 0-Day

Posted by kdawson on Tuesday June 29, 2010 @09:41AM from the stay-safe-out-there dept.

Trailrunner7 sends in this excerpt from Threatpost (Adobe announcement here): "Adobe today shipped a critical Reader/Acrobat patch to cover a total of 17 documented vulnerabilities that expose Windows, Mac, and Unix users to malicious hacker attacks. The update, which affects Adobe Reader/Acrobat 9.3.2 and earlier versions, includes a fix for the outstanding PDF '/Launch' functionality social engineering attack vector that was disclosed by researcher Didier Stevens. As previously reported, Didier created a proof-of-concept PDF file that executes an embedded executable without exploiting any security vulnerabilities. The PDF hack, when combined with clever social engineering techniques, could potentially allow code execution attacks if a user simply opens a rigged PDF file." Relatedly, Brian Krebs blogs about the downsides of Adobe's increasingly Byzantine update process.

2 of 82 comments (clear)

Min score:

Reason:

Sort:

It's not a 0-day anymore.... by snowraver1 · 2010-06-29 09:43 · Score: 4, Insightful

Why is every unpatched exploit a 0-day attack? Wouldn't this be more like a multi-month exploit?

--
Copyright 2010. All rights reserved. This comment may not be copied in any way including, but not limited to caching.
1. Re:It's not a 0-day anymore.... by lennier · 2010-06-29 13:32 · Score: 2, Insightful
  
  Nope. Exploitation and disclosure are two completely different things.
  If you've found an unpatched exploit and you're a black hat, are you going to blog to the whole world about it? Or quietly add it to your botnet kit without telling anyone?
  If the second, it's a 0-day. No warning, no defense, no lead time, just blam, click the wrong web page, read the wrong email, or open the wrong PDF and you're rooted without knowing it.
  
  --
  You are not a brain: http://books.google.com/books?id=2oV61CeDx-YC