Another Adobe Zero-Day Attack

"Adobe on Wednesday warned of a zero-day hole in Reader and Acrobat that is reportedly being exploited in the wild.

The critical vulnerability is in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh, and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh, according to the security advisory. The hole could allow an attacker to take control of an affected computer and potentially affects millions of computers using the Adobe software, which is the most popular PDF (portable document format) viewer.

The company said it is evaluating the schedule for releasing a security update to resolve the issue........."

Read more: http://news.cnet.com/8301-27080_3-20015848-245.html?tag=cnetRiver#ixzz0yxpcadJu

 

Re: Security Advisory for Adobe Reader and Acrobat

Not bad first one this year, sorry i mean today

 

Re: Security Advisory for Adobe Reader and Acrobat

One exploit uses an email attachment hoping to entice the reader to click on a PDF to learn how to improve your golfing score. The payload in the PDF is a malicious executable:

CVE-2010-2883 Security Advisory for Adobe Reader and Acrobat
http://contagiodump.blogspot.com/2010/09/cve-david-leadbetters-one-point-lesson.html

This means that until a patch is issued, users with some type of execution protection in place are still safe.

Although the PDF is seen presently as an email attachment, it's sure to be picked up and used in exploit kits soon, meaning drive-by downloads will be found throughout the internet.

----
rich

 

Rmus! Do you have a sample for testing? Thanksd

 

Re: Security Advisory for Adobe Reader and Acrobat

Guess if you don't play golf you're safe. Seriously, I now open all PDF's sandboxed because of all the exploits.

 

You trying to get banned

 

No, I lost interest in this type of exploit because they are all blocked the same way, since the payload is a binary executable:



In other words, it's the same old stuff!, over and over...!

----
rich

 

A more comprehesive look, here

The Adobe Advisory is here

Adobe Reader zero-day attack – now with stolen certificate

 

Zero-Day Adobe Reader Exploit Drops Digitally Signed Malware

Security researchers from Kaspersky Lab warn that malware dropped by the latest PDF-based attacks is digitally signed with a certificate stolen from a credit union.

http://news.softpedia.com/news/Zero...t-Drops-Digitally-Signed-Malware-155657.shtml

 

You gotta just love Adobe. Just wouldn't be the same without their regular 'exploits.' boom boom

 

"I think the use of valid, stolen certificates to sign malware will really take off in 2011," the security researcher added.

 

Use EMET 2.0 to block Adobe Reader and Acrobat 0-day exploit

 

Newest Adobe zero-day PDF exploit 'scary,' says researcher

 

There is another way to block this type of exploit, which I just remembered: when the PDF file attempts to connect out to download the malware, a software firewall with outbound protection will intervene:

​

The URL it attempts to connect to has been taken down, so it wasn't possible to see the rest of the exploit in action, which would result in the downloader being blocked if you have some type of execution protection, as I showed in a previous post.

Regarding DEP+ASLR being bypassed: this is not the first time, and probably won't be the last. Researchers have shown in the past how this can be accomplished.

The only really sure protection (or maybe one of the sure protections) is to have all the executables on the computer in a White List. One of included specifics in the White List is the SHA-1 hash for each executable.

Then, when an exploit like this on attempts to install its malware, it won't match anything in the White List, and so will be blocked. End of Exploit.

----
rich

 

New Adobe 0day exploit in the wild

 

Adobe Flash Player Zero Day Under Attack - ZDNet Zeroday

Gird your loins until then.

 

Just came across this after a scan by secunia... extremely shameful. :|

 

Adobe Warns Acrobat Users: Don't Install Third-Party Security Patch:
http://news.yahoo.com/s/pcworld/201...crobatusersdontinstallthirdpartysecuritypatch

 

I wonder if the new Flash v10.2 beta (64bit lineup) has this fixed?

 

Thanks for this, the site in question with the patch Adobe warns of is here - Further reading

 

Adobe Schedules Flash Update For Monday, September 20

Adobe has updated their recent security advisory for Flash to note that the vulnerabilities disclosed in it will be patched this coming Monday, September 20. Updates for Adobe Flash Player for Windows, Macintosh, UNIX, Solaris and Android will all be released on that day.


http://blogs.pcmag.com/securitywatch/2010/09/adobe_schedules_flash_update_f.php

 

The Adobe advisory has been revised to reflect this.

 

The anticipated Adobe Reader 9.4 release is now available, via the internal update mechanism (or) via the download below >
http://get.adobe.com/reader/otherversions/
Select your operating system | language | build number.