Hackers exploit year's fourth PDF zero-day
For the fourth time this year, Adobe has admitted that hackers were using malicious PDF documents to break into Windows PCs.
The bug in the popular Reader PDF viewer and the Acrobat PDF maker is being exploited in "limited targeted attacks," Adobe said yesterday. That phrasing generally means hackers are sending the rigged PDF documents to a short list of users, oftentimes company executives or others whose PCs contain a treasure trove of confidential information.
Adobe promised to patch the vulnerability on Tuesday, Oct. 13, the same day that Microsoft plans to issue its biggest-ever collection of security updates .
The bug exists in Reader and Acrobat versions 9.1.3 and earlier on Windows, Mac OS and Linux, said Adobe in a security advisory published Thursday, but as far as the company knows, it is being exploited only to hijack Windows PCs. "There are reports that this issue is being exploited in the wild in limited targeted attacks," said Adobe. "The exploit targets Adobe Reader and Acrobat 9.1.3 on Windows."
Adobe will plug the hole next week as part of its quarterly security update for Reader and Acrobat. Last June, Adobe announced it would follow the lead of companies like Microsoft and Oracle, and release regular security updates for Reader and Acrobat.
Originally, Adobe was to post patches last month, but a scramble during July to fix several flaws, including some introduced by Microsoft in a code "library" used by its own developers, as well as those in other companies, wreaked havoc on Adobe's schedule. It said more than a month ago that it would instead push the patch date into October.
Until a patch is released next week, Windows Vista and Windows 7 users can protect themselves by enabling Data Execution Prevention (DEP), a security feature designed to stop some kinds of exploits -- buffer overflow attacks in particular -- by blocking code from executing in memory that's supposed to contain only data. Instructions on how to enable DEP are available on Microsoft's support site.
Windows XP users should disable JavaScript in Reader and Acrobat, added Adobe. That wouldn't block all possible attacks, but will stymie the exploit now in the wild.
Adobe has struggled this year to stay ahead of hackers. In March, the company quashed a PDF bug that attackers had been using for more than two months . It again patched Reader and Acrobat in May to block another zero-day .
In July Adobe fixed a Flash PDF-related flaw that was being used by hackers.
Next Tuesday's Reader and Acrobat updates will also patch a unknown number of other vulnerabilities, Adobe said.
Computerworld
Sign up for ITworld's Daily newsletter
Follow ITworld on Twitter @IT_world
On Twitter now
Security
Powered by TwitterOn Twitter now
Security
Brian Proffitt
Microsoft/Novell: Breaking Down the Coupon Numbers
Esther Schindler
Drupal's Dries Buytaert on Building the Next Drupal
Tom Henderson
Top Ten General Operating Systems Rants
pasmith
PS3 motion controller delayed; goes up against Project Natal
sjvn
Neolithic Windows security hole alive and well in Windows 7
claird
Perl source code comparison makes for good reading
mikelgan
Cell phones don't create stress or interrupt much
Sandra Henry-Stocker
How to: The Unix Interview
Where Google Chrome security fails: the password
I heard mention that the Chrome OS will have some sort of encryption available a la bitlocker. If it's possible to encrypt personal data using another password or key, then it may have potential for very secure data.... And Ubuntu has an 'encrypt home directory' option, perhaps google should follow suit.
- Dann
Join the conversation here
Quick, practical advice for IT pros. Made fresh daily.
- Ubuntu advances: Why Ubuntu server installations will surge in 2010
- Social media marketing: How to make friends with benefits
- More...
Want to cash in on your IT savvy? Send your tip to tips@itworld.com. If we post it, we'll send you a $25 Amazon e-gift card.
