According to Brad Arkin, the Senior Director for Product Security and Privacy at Adobe, the rationale behind releasing a hot fix only for Adobe Reader and Acrobat 9 on Windows is that “this is the version and platform currently being targeted.”
Soon after Adobe published details of the vulnerability, researchers at Symantec released details of attacks seen in the wild, saying that the “critical vulnerability has recently been seen exploited in the wild in targeted attack emails sent on November 1st and 5th. This attack leverages the zero-day vulnerability in order to infect target computers with Backdoor.Sykipot.”
To exploit the zero-day vulnerability, the attackers sent out emails with a specially crafted PDF attachment. This PDF uses a bug in Adobe’s Universal 3D (U3D) processing to cause memory corruption and deliver its payload. News reports suggest that the emails targeted defense contractors; however, companies in the telecoms, wholesale, and computer hardware industries have also been targeted.
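A triage check for the kind of attachment described above, as an added example that is not from the original article, Adobe or Symantec: it flags any PDF that declares 3D/U3D content, including names hidden with `#xx` escapes or placed inside Flate-compressed streams. The function names and sample bytes are constructed for illustration, and the check detects the presence of U3D content, not the exploit itself.

```python
import re
import zlib

MAX_INFLATE = 8 * 1024 * 1024  # cap per-stream output so a hostile file cannot exhaust memory
_NAME_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")  # PDF name escape: /U#33D is the same name as /U3D
_3D_DICT = re.compile(rb"/(?:Type|Subtype)\s*/(U3D|3D)(?![A-Za-z0-9])")
_STREAM = re.compile(rb"stream\r?\n(.*?)endstream", re.DOTALL)
U3D_MAGIC = b"U3D\x00"  # first bytes of a U3D file header block


def _decode_names(data):
    return _NAME_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def _stream_bodies(pdf_bytes):
    """Yield each stream body, inflated when it is valid zlib data, raw otherwise."""
    for match in _STREAM.finditer(pdf_bytes):
        try:
            yield zlib.decompressobj().decompress(match.group(1), MAX_INFLATE)
        except zlib.error:
            yield match.group(1)


def u3d_indicators(pdf_bytes):
    """Return a list of reasons to hold the PDF for review; empty when none found."""
    findings = []
    layers = [("file body", pdf_bytes)]
    layers += [("stream %d" % i, body) for i, body in enumerate(_stream_bodies(pdf_bytes))]
    for where, blob in layers:
        hit = _3D_DICT.search(_decode_names(blob))
        if hit:
            findings.append("3D dictionary (/%s) in %s" % (hit.group(1).decode(), where))
        if blob.startswith(U3D_MAGIC):
            findings.append("U3D model data in %s" % where)
    return findings


def constructed_samples():
    """Constructed inputs: a PDF fragment hiding a U3D stream dictionary, and a plain one."""
    hidden = zlib.compress(b"<< /Type /3D /Sub#74ype /U#33D /Length 4 >>")
    flagged = (b"%PDF-1.7\n1 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\nstream\n"
               + hidden + b"\nendstream\nendobj\n%%EOF\n")
    clean = b"%PDF-1.7\n1 0 obj\n<< /Type /Page /Subtype /Text >>\nendobj\n%%EOF\n"
    return flagged, clean


if __name__ == "__main__":
    for sample in constructed_samples():
        print(u3d_indicators(sample) or "no 3D content found")
```

Legitimate PDFs with embedded 3D models will also be flagged, so the result is a reason to quarantine and inspect an unexpected attachment, not a verdict.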
Adobe Reader X and Adobe Acrobat X users should verify that they are using Protected View / Mode:
- To verify Protected View for Acrobat X is enabled, go to: Edit > Preferences > Security (Enhanced) and ensure “Files from potentially unsafe locations” or “All files” with “Enable Enhanced Security” are checked.
- To verify Protected Mode for Adobe Reader X is enabled, go to: Edit > Preferences > General and verify that “Enable Protected Mode at startup” is checked.