Adobe flaw has been used in attacks since early January
A dangerous and unpatched vulnerability in Adobe's PDF-reading software has been around a lot longer than previously realized.
The bug, first reported late last week, has caused concern because it is easy to exploit and it is not expected to be patched by Adobe for several weeks. Symantec told Adobe about the flaw, which lies in the Acrobat and Reader software, on Feb. 12, but on Monday security vendor Sourcefire said that an analysis of its database of malicious software shows that attackers have actually been using the attack for more than six weeks.
Sourcefire has found samples dating back to Jan. 9, said Matt Watchinski, Sourcefire's senior director of vulnerability research.
To date, the bug has been used in small-scale attacks against specially targeted individuals. Symantec says it has tracked only 100 attacks, but attacks have been increasing as attack code that exploits the flaw has been made public. The bug affects both Mac and Windows users.
Sourcefire posted an analysis of the flaw on its Web site Monday, which a hacker named k`sOSe credited with helping him write a public proof of concept attack that exploits the bug.
"We're starting to see more exploit code show up," Andre DiMino, cofounder of The Shadowserver Foundation, the organization that first reported the flaw last Thursday.
"This developed legs last week," he added in an instant message interview. "I think our blogging the vulnerability and Sourcefire blogging the exploit details got it going."
The vulnerability lies in the way that Adobe opens files that have been formatted using the JBIG data compression algorithm. Adobe says it plans to patch the bug by March 11, but in the meantime Sourcefire has also released an unsupported patch that fixes the issue.
Security experts say that users can also mitigate the attack by disabling JavaScript within their Adobe software, but this could break corporate applications that rely on the scripting software.
IDG News Service
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
security
Powered by Twitter
jfruh
Apple syncing patent can't come soon enough
pasmith
New Twitter features borrow from 3rd party clients
Esther Schindler
Open Source Changes the Software Acquisition Process
mikelgan
How to set up continuous podcast play on the new iTunes
David Strom
Five important Windows 7 mobility features
sjvn
Guard your Wi-Fi for your own sake
Sandra Henry-Stocker
Grepping on Whole Words
Sidekick: The Good News & the Bad News
Either way you look at it Microsoft Data Center management did not follow standards or best practices in this failure. In which case it makes me wonder more about the outsourcing of corporate data much less personal data.
- mburton325
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
