Slashdot Mirror

← Back to Stories (view on slashdot.org)

$50,000 Zero-Day Exploit Evades Adobe's Sandbox, Say Russian Analysts

Posted by timothy on from the kicking-sand-in-your-face dept.

tsu doh nimh writes with this excerpt from Krebs on Security: "Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground. The finding comes from malware analysts at Moscow-based forensics firm Group-IB, who say they've discovered that a new exploit capable of compromising the security of computers running Adobe X and XI (Adobe Reader 10 and 11) is being sold in the underground for up to $50,000. This is significant because — beginning with Reader X — Adobe introduced a 'sandbox' feature aimed at blocking the exploitation of previously unidentified security holes in its software, and until now that protection has held its ground. Adobe, meanwhile, says it has not yet been able to verify the zero-day claims."

4 of 56 comments (clear)

  1. This is Actually an Interesting Trend... by InvisibleClergy · · Score: 5, Insightful

    If I remember correctly, Flame was first identified by Kapersky, a Russian company. In this age wherein the US Government has a cyber-warfare division, it seems as though a large amount of the interesting, practical work in Computer Security is moving to Russia.

    1. Re:This is Actually an Interesting Trend... by Anonymous Coward · · Score: 4, Insightful

      Well since most of the interesting, practical work in Computer Insecurity is there as well, it makes sense.

  2. What is broken? the reader or the specs? by 140Mandak262Jamuna · · Score: 5, Insightful
    Adobe PDF and Flash are now the two most serious vectors for malware. Most of us have switched to foxit reader. But I learnt that some of the security holes are actually in the pdf spec itself, and whatever $reader you are using, if it is faithful to the specs, the vulnerability will exist. In this case, is it the reader or the specs that is broken?

    High time people stop using the Adobe pdf reader, and disable the "active hyperlinks" in it if it cant be fully uninstalled. Just in case some malware manages to trick the browser into using the installed adobe reader overriding the preference to foxit reader.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  3. but wait, it gets worse by slashmydots · · Score: 5, Insightful

    In the new 11 version, you can no longer turn off the "view PDF in web browser" that basically frames it within your browser like a page without you ever approving it. So any rigged PDFs get loaded automatically. You used to be able to turn it off and only open PDFs via a file download prompt if a page is trying to serve one up.