Hackers exploit unpatched Adobe Reader bug
Expect attacks to spread before Adobe issues patch, say researchers
Computerworld - Hackers have been exploiting a critical bug in Adobe Reader, the popular PDF-viewing software, for at least nine days, researchers said Friday, but a patch may not be ready for another three weeks.
Attacks have been spotted in Asia, primarily in Japan, said Haley, as well as in a few other countries. But their small number led him to characterize them as "targeted," meaning the victims had been specially selected.
"But this [bug] is not hard to exploit," he added, indicating that Symantec expects the attacks to spread.
So does Andrew Storms, director of security operations at nCircle Network Security Inc. "If the history of Adobe Reader vulnerabilities shows us anything, it's probably just a number of days before this takes off," Storms said.
In a security advisory released yesterday, Adobe acknowledged the bug and the ongoing attacks, and said that both Reader and Acrobat, an advanced PDF-creation and edit application, are vulnerable. Versions 7, 8 and 9 of both programs, and on all platforms, contain the flaw, the company confirmed. Adobe Reader, by far the more popular of the two applications, is available for Windows, Mac OS X and Linux.
Adobe plans to patch Reader 9 and Acrobat 9 -- the most current versions -- by March 11, and will then follow with fixes for Reader/Acrobat 8 and Reader/Acrobat 7, in that order. It did not spell out a timetable for updates to Versions 7 and 8, however.
In the meantime, both Haley and Storms expect hackers to take advantage of the bug, possibly by integrating new attack code into the multistrike exploit kits that are frequently used by cybercriminals to launch attacks against users who are duped into visiting malicious Web sites. "There's no reason to think that that won't happen," he said. "Reader is a very popular application."
The in-the-wild attacks trigger the bug with a Trojan horse that Symantec has pegged "Pidief.e," which then installs several additional components to open a backdoor on the compromised computer. That backdoor can later be used to inject additional malware into the machine.
Attacks could be initiated by spam messages that trick users into clicking through to a malicious site, or by packing exploit code in a file attachment.
Adobe Reader and Acrobat are no strangers to exploits. Last November, attackers jumped on a just-patched vulnerability in Reader 8.1.3 within days.
Read more about Security in Computerworld's Security Topic Center.
- PCI 3.0 Compliance In this white paper, learn how PCI-DSS 3.0 effects how you deploy and maintain PCI compliant networks using CradlePoint devices.
- Mitigating Security Risks at the Networks Edge This white paper provides strategies and best practices for distributed enterprises to protect their networks against vulnerabilities, threats, and malicious attacks.
- 5 Strategies for Modern Data Protection Read the five strategies for modern data protection that will not only help solve your current data management challenges but also ensure that...
- 5 Ways Dropbox for Business Keeps Your Data Protected Protecting your data isn't a feature on a checklist, something to be tacked on as an afterthought. Download here to find out how...
- Business-driven data protection Setting up data protection infrastructures with your organizations' core mission or business in mind is key. In this webinar, the ARCserve team will...
- On-Demand Webinar: Mind the Gap! Watch the webinar featuring Bob Janssen, CTO and Co-Founder of RES Software, to start building a solid foundation for business and IT to... All Security White Papers | Webcasts
Our new bimonthly Internet of Things newsletter helps you keep pace with the rapidly evolving technologies, trends and developments related to the IoT. Subscribe now and stay up to date!