Here’s a quick update to the Adobe PDF Reader/Acrobat zero-day story that broke yesterday after the company confirmed that an unpatched vulnerability was being attacked in the wild.
First up, an exploit has been fitted into the Metasploit point-and-click penetration testing tool and there are predictions that exploit code will be widely available within a day or two.
More importantly, Adobe has finally provided official mitigation guidance and announced plans to ship a patch for this vulnerability on January 12th, 2010.
These are the software versions affected:
- Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX
- Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh
Here are the temporary mitigation instructions:
1. Launch Acrobat or Adobe Reader.
2. Select Edit > Preferences.
3. Select the JavaScript Category.
4. Uncheck the ‘Enable Acrobat JavaScript’ option.
5. Click OK.
Adobe also released an Adobe Reader and Acrobat JavaScript Blacklist Framework to offer granular control over the execution of specific JavaScript API calls.
The purpose of the Framework is to allow Adobe to protect customers against attacks that target a specific JavaScript API call, like the one referenced in Security Advisory APSA09-07.
Researchers at F-Secure have some additional information on the actual zero-day attacks, which utilize rigged PDF files.