Another day, another vulnerability in software used by millions of people around the globe. Users have recently been hit with Java vulnerabilities and then an Adobe Flash security issue, but the newest to hit the web is a flaw in the popular free PDF software from Adobe.
According to a team of researchers from FireEye, the attack proceeds as follows.
“Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.”
So far Adobe has posted very little information about the exploit on their blog.
Adobe is aware of a report of a vulnerability in Adobe Reader and Acrobat XI (11.0.1) and earlier versions being exploited in the wild. We are currently investigating this report and assessing the risk to our customers. We will provide an update as soon as we have more information. Please continue monitoring the Adobe PSIRT blog for the latest information.
This particular vulnerability affects all users of the PDF software. Version 11.0.01 on Windows and Mac is not safe, along with all previous versions, including Adobe Reader X and the earlier 9.5.3, available for all platforms including Linux.
Since all versions are affected and Adobe has not released an update to address the exploit, I would advise users to be very cautious opening up any PDFs. If you receive an email from an unknown sender or with a PDF attachment, I would not open it. The main problem with these types of attacks is that the emails are made to look authentic all the way down to the format of the message. It is better to be safe than sorry in this type of situation.
To disable the browser version of the software, just follow the guides below for your browser type. Remember to turn this back on after an update from Adobe is available.
Open the Tools menu.
Click the plugins tab.
Click on the Adobe Reader option.
Click the Disable button.
Open Adobe Reader
Select Internet on the left
Click Internet settings in the middle
Choose the Programs tab
Click manage add-ons
Choose Adobe PDF Reader and then select disable on the bottom box
By default, Chrome uses a built-in PDF reader and should not be vulnerable to this attack.