New Adobe PDF Zero-Day Under Attack
Rahmmp writes "Adobe has sounded an alarm for a new zero-day flaw in its PDF Reader/Acrobat software, warning that hackers are actively exploiting the vulnerability in-the-wild. An Adobe spokeswoman described the attacks as 'limited' but warned that that could change with the availability of public samples and exploit code."
Funny, the only PDF I can find is a link from the FA which demonstrates the attack. The article itself is a regular web page, and I can't seem to find a PDF of the full disclosure.
Correct me if I'm totally off base here, but...isn't part of the definition of "zero-day" that the flaw is being exploited? I mean, it's "zero-day" because it's being exploited on "day zero", right?
Dan Aris
Fun. Free. Online. RPG. BattleMaster.
A workaround for end users is to disable JavaScript, as in this guide:
http://praetorianprefect.com/archives/2009/12/disabling-javascript-on-adobe-acrobat/
For the enterprise you can disable it through group policy (which at this point seems like a good plan long term):
http://praetorianprefect.com/archives/2010/01/disable-acrobat-reader-pdf-in-the-enterprise/
Foxit Reader is a nice alternative. It opens quickly, doesn't feel the need to update every other day or keep an updater service running all the time, and it doesn't have nearly as many security issues. Alternatively, you could just do a search for pdf reader -adobe and come up with a variety of alternatives yourself.
I guarantee that its exploitation isn't limited anymore: an initial exploit module was added to Metasploit last night.
Metasploit module
"All we have is logic and love on our side."
xpdf.
Burns: We're building a casino!
McAllister: Arrr. Give me 5 minutes.
what alternatives? no, seriously?
The alternative is a format called PDF/A (see http://en.wikipedia.org/wiki/PDF/A), which happens to be exactly what you are looking for: a subset of PDF excluding (among others) scripting, video or audio.
Now, all we need is a PDF reader with an option "only open PDF/A documents"
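As an added example (not part of the thread, and not any reader's own code), here is a fail-closed pre-filter in the spirit of the "only open PDF/A documents" option: it refuses any file whose dictionaries carry script or auto-run keys, including names hidden with `#xx` escapes or inside Flate-compressed object streams. The key list and the sample documents are assumptions made for illustration; this is not a PDF/A conformance check, and encrypted streams or streams under other filters are scanned only as raw bytes.

```python
import re
import zlib

# Dictionary keys that mark script or auto-run content (list chosen for this example).
ACTIVE = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA", b"/Launch", b"/RichMedia")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.S)

def decode_names(blob: bytes) -> bytes:
    """Undo #xx escapes in PDF names so /J#61vaScript is seen as /JavaScript."""
    return re.sub(rb"#([0-9A-Fa-f]{2})", lambda m: bytes([int(m.group(1), 16)]), blob)

def scan_units(data: bytes) -> list:
    """File body with streams cut out, plus each stream inflated when it is Flate data."""
    units = [STREAM_RE.sub(b"", data)]
    for m in STREAM_RE.finditer(data):
        try:
            units.append(zlib.decompressobj().decompress(m.group(1)))
        except zlib.error:
            units.append(m.group(1))  # other filter or none: scan the raw bytes
    return units

def active_content(data: bytes) -> dict:
    """Return {key: count} for every active-content key found in any scan unit."""
    hits = {}
    for unit in map(decode_names, scan_units(data)):
        for name in ACTIVE:
            n = len(re.findall(re.escape(name) + rb"(?![0-9A-Za-z])", unit))
            if n:
                hits[name.decode()] = hits.get(name.decode(), 0) + n
    return hits

def passes_gate(data: bytes) -> bool:
    """Strict gate: header at offset 0 and no active-content keys anywhere."""
    return data.startswith(b"%PDF-") and not active_content(data)

# Constructed samples (not from the thread); document structure is abbreviated.
PLAIN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
OBFUSCATED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\nendobj\n"
              b"3 0 obj\n<< /S /J#61vaScript /JS 4 0 R >>\nendobj\n%%EOF\n")
HIDDEN = (b"%PDF-1.5\n5 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
          + zlib.compress(b"<< /S /JavaScript /JS 9 0 R >>") + b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for label, doc in (("plain", PLAIN), ("obfuscated", OBFUSCATED), ("hidden", HIDDEN)):
        print(label, passes_gate(doc), active_content(doc))
```

A file that fails the gate can still be opened in a reader with JavaScript disabled, as suggested earlier in the thread; the filter only decides which files get that extra caution.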
In Gnome use Evince, or in KDE use Okular or KPDF, instead of Adobe Reader (Evince and KPDF are also available for MS Windows, if you must use that buggy software). These GNU/Linux applications are simpler and safer when dealing with PDF files. They support reading PDF files, fillable PDF forms, etc. but not the more fancy stuff that opens security holes.
I wish we had two document standards: PDF and something else, let's call it "PDM" for portable document - multimedia, where Adobe can stick all of the buggy crap they want.
Yep, and Firefox and Chrome have had exploits too. So have Linux, the iOS, and Mac OS 10. So has nearly every piece of popular, complex software. The rate of exploits found that affect Foxit is trivial compared to the number found in Adobe Reader.
How about XPS? *ducks* But seriously, the major problem is to convert the tons of literature, especially academic/scientific, that exists as PDF into something else...
Entia non sunt multiplicanda praeter necessitatem.
Foxit actively sandboxes and refuses to run ALL code embedded in a PDF unless you actively turn off safe reading, and they have been doing this for quite a while now, since that last bug you mentioned.
And for anybody dealing with clueless users that want a butt simple way to install Foxit or several other free PDF readers like Sumatra, or need a butt simple way to install most of the basics like Chrome, Firefox, or Flash, I'd suggest Ninite, which has fully automated installers for over 90 programs. Simply tell them which boxes to check and then run the installer. That's it. No toolbars, no "clickly clicky next next next", it just installs the software and leaves a shortcut on the desktop. Sweet and simple.
ACs don't waste your time replying, your posts are never seen by me.
And it should be observed that Evince is also available for Windows and is under the GPLv2.
Sumatra's minimalistic and lacks some functionality, if you want the honest appraisal - the dev site openly admits not everything renders correctly. Evince seems to be pretty solid when it comes to rendering content correctly. I've yet to find a document that didn't view and print as the author of the document had intended.
I am not merely a "consumer" or a "taxpayer". I am a Citizen of the State of Texas