Adobe Reader Vulnerable to New Zero-day PDF Exploit

By Anthony Freed | November 08, 2012

Posted in: Network Security Trends

Once again, hackers are proving that the best defenders can expect is to stay one step behind as attackers continue to capitalize on previously undisclosed vulnerabilities. The latest is a PDF-based zero-day exploit that defeats the sandbox security features in Adobe Reader. The exploit is already known to be present in a modified version of the Blackhole exploit kit, which is used to distribute common banking Trojans such as Zeus, SpyEye, Carberp and Citadel.

The exploit, discovered by researchers from Russian security provider Group-IB, bypasses Adobe's Protected View and Protected Mode features, which had previously blocked arbitrary code execution exploits delivered in malicious PDF documents.

"As more and more of these unpatchable zero-day threats pop up in application software and operating systems, it provides bot authors more opportunities to design more creative methods to get their malware loaded into a victim's computer," Managing Partner of Group-IB Dan Clements said on the company's website.

The exploit is capable of infecting devices through Microsoft's Internet Explorer and Mozilla's Firefox, but so far users of Google's Chrome browser are immune to the attack because of additional protections provided by the browser.

The researchers indicated that the vulnerability being exploited has limitations: the target must close and restart the browser before the exploit can take hold.

Nonetheless, the method, which relies on shellcode, is described as the first known malware variant that can defeat the built-in Adobe sandbox precautions, and it can infect systems even where JavaScript has been disabled.

The researchers said the exploit is being marketed on underground forums for a hefty price ranging between $30,000 and $50,000, and they expect the method to be adapted for use in targeted attacks beyond the theft of banking credentials.

The company shared details of the exploit with Adobe, which is expected to release a patch for the vulnerability as soon as one is developed. A demonstration of the researchers' proof of concept has been published as a YouTube video.
