Slashdot Mirror


$50,000 Zero-Day Exploit Evades Adobe's Sandbox, Say Russian Analysts

tsu doh nimh writes with this excerpt from Krebs on Security: "Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground. The finding comes from malware analysts at Moscow-based forensics firm Group-IB, who say they've discovered that a new exploit capable of compromising the security of computers running Adobe X and XI (Adobe Reader 10 and 11) is being sold in the underground for up to $50,000. This is significant because — beginning with Reader X — Adobe introduced a 'sandbox' feature aimed at blocking the exploitation of previously unidentified security holes in its software, and until now that protection has held its ground. Adobe, meanwhile, says it has not yet been able to verify the zero-day claims."

10 of 56 comments

  1. not yet been able to verify the zero-day claims by fustakrakich · Score: 5, Funny

    They can if they cough up 50 grand for a copy. By the way, is anybody getting sued for uploading a free torrent?

    --
    “He’s not deformed, he’s just drunk!”
  2. Can't verify. by Anonymous Coward · Score: 5, Funny

    Sorry, we cannot verify this zero-day exploit, the computer we tested it on isn't working right for some reason.

  3. Re:Translating Roman Numerals... srsly??? by MightyYar · Score: 5, Funny

    If you ask me, this site has been going downhill ever since they dropped Latin and started posting in English.

    --
    W..w..W - Willy Waterloo washes Warren Wiggins who is washing Waldo Woo.
  4. Re:Translating Roman Numerals... srsly??? by MadChicken · Score: 5, Funny

    They would have kept one numbering system for the whole article, but "Zero-day" would have been really tough.

    --
    SYS 64738 NO CARRIER
  5. This is Actually an Interesting Trend... by InvisibleClergy · Score: 5, Insightful

    If I remember correctly, Flame was first identified by Kaspersky, a Russian company. In this age wherein the US Government has a cyber-warfare division, it seems as though a large amount of the interesting, practical work in Computer Security is moving to Russia.

    1. Re:This is Actually an Interesting Trend... by Anonymous Coward · Score: 4, Insightful

      Well since most of the interesting, practical work in Computer Insecurity is there as well, it makes sense.

  6. Re:Translating Roman Numerals... srsly??? by guruevi · Score: 3, Informative

    Adobe themselves do it. They have Acrobat X/XI on the marketing side but installation and license call it Acrobat 10/11.

    --
    Custom electronics and digital signage for your business: www.evcircuits.com
  7. What is broken? the reader or the specs? by 140Mandak262Jamuna · Score: 5, Insightful

    Adobe PDF and Flash are now the two most serious vectors for malware. Most of us have switched to Foxit Reader. But I learnt that some of the security holes are actually in the PDF spec itself, and whatever $reader you are using, if it is faithful to the specs, the vulnerability will exist. In this case, is it the reader or the specs that is broken?

    High time people stop using the Adobe PDF reader, and disable the "active hyperlinks" in it if it can't be fully uninstalled. Just in case some malware manages to trick the browser into using the installed Adobe Reader, overriding the preference for Foxit Reader.

    --
    sed -e 's/Chuck Norris/Rajnikant/g' joke > fact
  8. but wait, it gets worse by slashmydots · Score: 5, Insightful

    In the new 11 version, you can no longer turn off the "view PDF in web browser" that basically frames it within your browser like a page without you ever approving it. So any rigged PDFs get loaded automatically. You used to be able to turn it off and only open PDFs via a file download prompt if a page is trying to serve one up.

  9. Re:Translating Roman Numerals... srsly??? by FatdogHaiku · Score: 4, Funny

    O tempora, o mores!

    --
    You have the right to remain sentient. If you give up the right to remain sentient, you will be elected to public office