Tuesday, April 13, 2021

Researchers Warn of Zero-Day Adobe Reader Vulnerability

Researchers from FireEye claim to have discovered a new security vulnerability in Adobe Reader that is being actively exploited in the wild. If the report proves to be true, it would be the first documented case of an attack getting around Reader’s sandbox protections.

The Next Web’s Emil Protalinski reported, “A new Adobe Reader 0-day vulnerability has been discovered, and is already being exploited in the wild. Currently, disabling Adobe Reader and using another PDF reader is the only way to protect your computer. The finding comes from FireEye, which says the critical vulnerability allows criminals to inject malicious code into a system. The company says it has confirmed successful exploitation on the latest versions of Adobe Reader, including 9.5.3, 10.1.5, and 11.0.1.”

Computerworld’s Lucian Constantin explained, “The exploit drops and loads two DLL files on the system. One file displays a bogus error message and opens a PDF document that’s used as a decoy, the FireEye researchers said. Remote code execution exploits regularly cause the targeted programs to crash. In this context, the fake error message and second document are most likely used to trick users into believing that the crash was the result of a simple malfunction and the program recovered successfully. Meanwhile, the second DLL installs a malicious component that calls back to a remote domain, the FireEye researchers said.”

Ars Technica’s Dan Goodin noted, “If true, the attacks are notable because they pierce security defenses Adobe engineers designed to make malware attacks harder to carry out…. So far, there have been no documented in-the-wild exploits that have successfully bypassed the Reader sandbox. The protection is designed to minimize the damage of attacks that exploit buffer overflows and other types of software bugs by isolating Web content from sensitive parts of the underlying operating system. As a result, the application will typically crash when flaws are exploited, but attackers remain unable to remotely execute malicious code on vulnerable computers.”

On its company blog, Adobe said, “Adobe is aware of a report of a vulnerability in Adobe Reader and Acrobat XI (11.0.1) and earlier versions being exploited in the wild. We are currently investigating this report and assessing the risk to our customers. We will provide an update as soon as we have more information.”
