Home > Adobe > Zero-Day Adobe Reader Vulnerability

Zero-Day Adobe Reader Vulnerability

Security researchers at FireEye, a security firm out of Milpitas California, are warning users to take caution and do not open PDFs obtained from unknown sources using Adobe Reader. A zero-day PDF vulnerability has been discovered which affects Adobe Reader on multiple platforms including Mac, Linux, and Windows. It affects several versions of Adobe Reader including 9.5.3, 10.1.5, and the latest 11.0.01.

According to FireEye:

“Upon successful exploitation, [the exploit] will drop two DLLs [dynamic link libraries]. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain,”

FireEye has submitted a sample to Adobe’s security team and Adobe has confirmed it is looking into the report. Until Adobe releases a fix, I would advise everyone to refrain from using Adobe Reader if possible. You can also try free PDF alternatives like Foxit Reader for Windows, XPDF for Linux, and Preview for Mac.

UPDATE: 2/20/13 Adobe has released Adobe Reader XI (11.0.02)

Advertisements
  1. No comments yet.
  1. No trackbacks yet.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

%d bloggers like this: