Adobe Reader, Acrobat Under Zero-Day Attack
From Dark Reading:
Adobe’s Reader and Acrobat PDF applications have been hit by a new attack exploiting an unpatched vulnerability in the pervasive tools. So far the exploit has been used mostly in targeted attacks, but researchers say it could soon spread now that the cat is out of the bag.
Adobe late yesterday issued a brief alert about the as-yet undisclosed vulnerability in Acrobat Reader and Acrobat 9.2 and previous versions that’s being exploited in the wild. “We are currently investigating this issue and assessing the risk to our customers. We will provide an update as soon as we have more information,” Adobe said.
So far, Adobe and security researchers around the industry have been tight-lipped on details about the newly discovered vulnerability involved, but ShadowServer today said in its blog that the flaw resides in a JavaScript function in Acrobat and Reader. The trick is that the vulnerable JavaScript is hidden inside a “zlib stream,” which makes it difficult for security scanners to detect it, ShadowServer says. The flaw is found in 8.x and 9.x versions of the software, according to ShadowServer, and researchers are currently testing earlier versions for the bug as well.
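The detection gap ShadowServer describes, shown from the scanner's side as an added example (not code from Dark Reading, ShadowServer or Adobe): a byte-level search of the file misses script text that a stream-aware scan finds after inflating each zlib stream. The marker list and the constructed sample PDF fragment are assumptions for illustration, and the script in the sample is a benign stand-in.

```python
import re
import zlib

# Marker list is an assumption for illustration, not a vetted signature set.
MARKERS = (b"unescape", b"eval(", b"app.", b"String.fromCharCode")
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)


def find_markers(data):
    """Return the sorted marker strings present in a byte buffer."""
    return sorted(m.decode() for m in MARKERS if m in data)


def inflate_streams(pdf):
    """Yield the inflated body of every stream that zlib can decode."""
    for match in STREAM_RE.finditer(pdf):
        try:
            # decompressobj tolerates trailing bytes after the deflate data
            yield zlib.decompressobj().decompress(match.group(1))
        except zlib.error:
            continue  # not zlib data (or another filter): skip, do not crash


def scan(pdf):
    """Compare what a raw byte scan sees with what a stream-aware scan sees."""
    inflated = set()
    for body in inflate_streams(pdf):
        inflated.update(find_markers(body))
    return {"raw": find_markers(pdf), "inflated": sorted(inflated)}


# Constructed sample: a minimal PDF-like fragment with one Flate-compressed
# stream holding a benign stand-in script.
_SCRIPT = b"var s = unescape('%41%41%41%41'); app.alert(s); app.alert(s); app.alert(s);"
_Z = zlib.compress(_SCRIPT)
SAMPLE_PDF = (
    b"%PDF-1.7\n1 0 obj\n<< /Length " + str(len(_Z)).encode()
    + b" /Filter /FlateDecode >>\nstream\n" + _Z
    + b"\nendstream\nendobj\n%%EOF\n"
)

if __name__ == "__main__":
    print(scan(SAMPLE_PDF))
```

A scanner that only inspects raw bytes reports nothing for this sample, while the same markers appear once the stream is inflated.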