Adobe today sounded an alarm for a new zero-day flaw in its PDF Reader/Acrobat software, warning that hackers are actively exploiting the vulnerability in-the-wild.
Details on the vulnerability are not yet public but the sudden warning from Adobe is a sure sign that rigged PDF documents are being used by malicious hackers to take complete control of machines with the latest versions of Adobe Reader/Acrobat installed.
Here’s Adobe’s warning:
A critical vulnerability exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. This vulnerability (CVE-2010-2883) could cause a crash and potentially allow an attacker to take control of the affected system.There are reports that this vulnerability is being actively exploited in the wild.
Adobe is in the process of evaluating the schedule for an update to resolve this vulnerability.
Ominously, Adobe said it cannot offer any pre-patch advice to help users thwart the attacks.
Unfortunately, there are no mitigations we can offer. However, Adobe is actively sharing information about this vulnerability (and vulnerabilities in general) with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available. As always, Adobe recommends that users follow security best practices by keeping their anti-malware software and definitions up to date.
An Adobe spokeswoman described the attacks as “limited” but warned that that could change with the availability of public exploit code.
She said the company was notified of the attacks yesterday (Tuesday September 7, 2010) via information from a private partner company.
Affected software includes:
- Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX
- Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh
The next batch of Adobe Reader/Acrobat patches is scheduled for October 12, 2010 but it is likely the company will ship an out-of-band update for this issue.
UPDATE: A sample PDF from the attack is publicly available. It targets Windows users, affects Acrobat 8 and 9, exploits multiple versions at once, and bypasses DEP and ASLR.