Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground.

The finding comes from malware analysts at Moscow-based forensics firm Group-IB, who say they’ve discovered that a new exploit capable of compromising the security of computers running Adobe X and XI (Adobe Reader 10 and 11) is being sold in the underground for up to $50,000. This is significant because, beginning with Reader X, Adobe introduced a “sandbox” feature aimed at blocking the exploitation of previously unidentified security holes in its software, and so far that protection has held its ground.

But according to Andrey Komarov, Group-IB’s head of international projects, this vulnerability allows attackers to sidestep Reader’s sandbox protection. Komarov said the finding is significant because “in the past there was no documented method of how to bypass” Adobe Reader X’s sandbox to run code of the attacker’s choice on the target’s computer.

The Russian firm produced the following video which they say demonstrates a sanitized version of the attack.

The exploit does have some limitations, Komarov said. For example, it can’t be fully executed until the user closes his Web browser (or Reader). And so far, they have only seen the attack work against Microsoft Windows installations of Adobe Reader.

Adobe spokeswoman Wiebke Lips said the company was not contacted by Group-IB, and is unable to verify their claims, given the limited amount of information currently available. “Adobe will reach out to Group-IB,” Lips said. “But without additional details, there is nothing we can do, unfortunately - beyond continuing to monitor the threat landscape and working with our partners in the security community, as always.”

Group-IB says the vulnerability is included in a new, custom version of the Blackhole Exploit Kit, a malicious software framework sold in the underground that is designed to be stitched into hacked Web sites and deploy malware via exploits such as this one.

For now, the research firm said, the Adobe Reader exploit is being distributed only in “small circles of the underground.” Contacted via instant message, the author of the Black Hole exploit kit said today that he also had confirmed the existence of a private Adobe Reader exploit that was being sold in closed circles. He noted that although his kit currently does not include the exploit, he is hoping to acquire it and add it soon.

If that happens, it may not be long before this becomes a much bigger problem; Blackhole is by far the most prevalent exploit kit in use today. At any rate, consumers should realize that there are several PDF reader options apart from Adobe’s, including Foxit, PDF-Xchange Viewer, Nitro PDF and Sumatra PDF.

This entry was posted on Wednesday 7th of November 2012 03:24 PM

Adobe has changed their game since Reader 8/9. Their sandbox is pretty good, and they’ve just come out with their second-gen sandbox, ForceASLR and I forget what else. If it’s not perfect, I’d still think carefully before doing the Chicken Little act because someone, somewhere, has found a workable exploit against it. They would probably have an equally easy time finding holes in whatever alternative you run to.

I like to say something practical when I post, so let me suggest that Adobe Reader users do this:

1. If you’re using an old version, update to Reader 11 (XI).
2. You’ll find that checkbox by clicking Edit > Preferences in Adobe Reader, then clicking Javascript at the left. I can’t speak for everyone, but this has had no impact on functionality for me, and historically this feature has been abused in real-world exploits.
3.