Hackers exploit unpatched Adobe Reader bug
Expect attacks to spread before Adobe issues patch, say researchers
Computerworld - Hackers have been exploiting a critical bug in Adobe Reader, the popular PDF-viewing software, for at least nine days, researchers said Friday, but a patch may not be ready for another three weeks.
Attacks have been spotted in Asia, primarily in Japan, said Haley, as well as in a few other countries. But their small number led him to characterize them as "targeted," meaning the victims had been specially selected.
"But this [bug] is not hard to exploit," he added, indicating that Symantec expects the attacks to spread.
So does Andrew Storms, director of security operations at nCircle Network Security Inc. "If the history of Adobe Reader vulnerabilities shows us anything, it's probably just a number of days before this takes off," Storms said.
In a security advisory released yesterday, Adobe acknowledged the bug and the ongoing attacks, and said that both Reader and Acrobat, an advanced PDF-creation and edit application, are vulnerable. Versions 7, 8 and 9 of both programs, and on all platforms, contain the flaw, the company confirmed. Adobe Reader, by far the more popular of the two applications, is available for Windows, Mac OS X and Linux.
Adobe plans to patch Reader 9 and Acrobat 9 -- the most current versions -- by March 11, and will then follow with fixes for Reader/Acrobat 8 and Reader/Acrobat 7, in that order. It did not spell out a timetable for updates to Versions 7 and 8, however.
In the meantime, both Haley and Storms expect hackers to take advantage of the bug, possibly by integrating new attack code into the multistrike exploit kits that are frequently used by cybercriminals to launch attacks against users who are duped into visiting malicious Web sites. "There's no reason to think that that won't happen," he said. "Reader is a very popular application."
The in-the-wild attacks trigger the bug with a Trojan horse that Symantec has pegged "Pidief.e," which then installs several additional components to open a backdoor on the compromised computer. That backdoor can later be used to inject additional malware into the machine.
Attacks could be initiated by spam messages that trick users into clicking through to a malicious site, or by packing exploit code in a file attachment.
Adobe Reader and Acrobat are no strangers to exploits. Last November, attackers jumped on a just-patched vulnerability in Reader 8.1.3 within days.
Read more about Security in Computerworld's Security Topic Center.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts