Researcher posts homemade patch for critical PDF bug
Beats Adobe to the patch punch by more than two weeks
A security researcher has published a home-brewed patch for a critical Adobe Reader vulnerability that hackers are exploiting in the wild using malicious PDF files, beating Adobe Systems Inc. to the punch by more than two weeks.
Lurene Grenier, a vulnerability researcher at intrusion-prevention vendor Sourcefire Inc., posted the patch Sunday with the caveats that it applies only to the Windows version of Adobe Reader 9.0 and comes with no guarantees.
"The patch is just a replacement .dll -- AcroRd32.dll to be precise," said Grenier in a post to the Sourcefire vulnerability research blog. The .dll, which weighs in at 19MB, replaces the existing file in the "C:\Program Files\Adobe\Reader 9.0\Reader\" directory on Windows machines.
"No warranty expressed or implied, etc. etc.," concluded Grenier.
Although hackers have been exploiting the flaw in Adobe Reader since at least Feb. 12 -- the date that Symantec Corp. researchers first found the attack code in the wild -- Adobe said last week that it may not patch the problem until March 11.
In a security advisory the company issued last Thursday, Adobe confirmed that Versions 7, 8 and 9 of both Reader and Adobe Acrobat, an advanced PDF-creation application, contain the flaw. It plans to patch Versions 7 and 8 at an unspecified date after it fixes Version 9 next month.
It's rare that a patch surfaces from a source other than the software's maker, but Grenier's move isn't without precedent. In 2006, and then again the following year, a group of security researchers who called themselves ZERT (Zeroday Emergency Response Team), issued several unauthorized patches for bugs in Microsoft Corp.'s Windows and Internet Explorer.
In other news, exploit code for the Adobe bug has gone public, hitting the Milw0rm.com site earlier today. Last week, security experts speculated that attack code would quickly end up in the multiexploit kits that hackers now favor.
Grenier's patch can be downloaded via a link from the Sourcefire site.
- Radicati: Cloud Business Email - Market Quadrant 2013 Google was named the top cloud business email provider in a recent report by research firm Radicati. Out of 14 key players, Google...
- Tablets in the Enterprise: A Checklist for Successful Deployment How can you enterprise manage and secure tablets in order to protect corporate data while providing access to the information and applications employees...
- Enterprise Mobility: A Checklist for Secure Containerization The advantages and disadvantages of the multiple approaches to containerization. Learn More>>
- Enterprise File Sync & Share Checklist File sync and share has changed the way people work and collaborate in today's tech-savvy world. Gone are the email roadblocks, clunky FTP...
- Live Webcast LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- LIVE EVENT: 5/7, The End of Data Protection As We Know It. Introducing a Next Generation Data Protection Architecture. Traditional backup is going away, but where does this leave end-users?
- On-demand webinar: "Mobility Mayhem: Balancing BYOD with Enterprise Security" Check out this on-demand webinar to hear Sophos senior security expert John Shier deep dive into how BYOD impacts your enterprise security strategy... All Security White Papers | Webcasts