Adobe Reader and Acrobat 9.3.4 Plagued by 0-day Vulnerability

Article by George Norman (Cybersecurity Editor)

on 10 Sep 2010

UPDATE September 14: Adobe announced that a fix will be issued during the week of October 4. Adobe also announced that Flash Player 10.1 is plagued by a critical vulnerability that also affects Adobe Reader and Adobe Acrobat. A patch for this issue will also be released during the week of October 4.

UPDATE 13 September: Adobe updated the security advisory to include a mitigation option for Windows users: use EMET 2.0 to prevent the exploitation of the Adobe Reader and Adobe Acrobat vulnerability mentioned below.

Adobe Reader 9.3.4 and earlier versions for Windows, Mac and UNIX, as well as Adobe Acrobat 9.3.4 and earlier versions for Windows and Mac, are plagued by a critical vulnerability, announced Adobe, the California-based company that specializes in multimedia and creativity software products. As Adobe explained, if someone with malicious intent exploited this vulnerability, that person could crash the targeted system and even take control of it.

Adobe has posted a security advisory regarding the newly discovered vulnerability. In the advisory Adobe says the following:

“Adobe is in the process of evaluating the schedule for an update to resolve this vulnerability. Adobe actively shares information about this and other vulnerabilities with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available. As always, Adobe recommends that users follow security best practices by keeping their anti-malware software and definitions up to date.”

So let’s recap: we have a critical vulnerability that could allow an attacker to crash and potentially take over the targeted machine. Adobe Reader 9.3.4 and previous versions are all affected; Adobe Acrobat 9.3.4 and previous versions are affected as well. Adobe does not yet know the precise date when it will release a fix for this issue.

Ready for something even worse? Here goes: the vulnerability Adobe says it is aware of is already being exploited in the wild. “There are reports that this vulnerability is being actively exploited in the wild,” said David Lenoe on behalf of the Adobe Product Security Incident Response Team.

The fact that the vulnerability is being exploited in the wild has been confirmed by McAfee, a company that specializes in providing security software solutions for home and business users. McAfee said the vulnerability is a typical stack buffer overflow that occurs while Adobe Reader is parsing TrueType fonts. The security company, which has entered a definitive agreement to be acquired by Intel, added that exploiting this vulnerability is expected to be a relatively easy task.

“Although the latest version of Reader has been compiled with stack protection (/GS), the exploit uses a Return Oriented Exploitation (ROP) technique to bypass /GS protection and data execution prevention (DEP). McAfee Labs is coordinating with Adobe PSIRT, and we’ve provided them with additional details on the bug. Adobe Acrobat users are urged to update their security definitions for the various products,” said McAfee’s Xiao Chen.
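Since the bug McAfee describes sits in Reader's TrueType font parsing, the first thing a defender sorting incoming PDFs wants is a way to pull out the embedded TrueType fonts and flag ones whose table directory is internally inconsistent. The script below is an added example, not code from the article, Adobe or McAfee: it is a generic structural sanity check (tables that run past the end of the font data, or a directory that claims more records than exist), which is my assumption about a useful triage signal, not a signature for the specific flaw; the PDF stream regex and the two-object sample file are constructed here as well.

```python
import re
import struct
import zlib

# Matches "<< dict >> stream ... endstream" in raw PDF bytes (assumption: plain object syntax only)
STREAM_RE = re.compile(rb"<<(.*?)>>\s*stream\r?\n(.*?)\r?\nendstream", re.S)
SFNT_MAGIC = (b"\x00\x01\x00\x00", b"true")  # TrueType sfnt version tags

def truetype_issues(font):
    """Sanity-check a TrueType offset table and return a list of problems found."""
    if len(font) < 12 or font[:4] not in SFNT_MAGIC:
        return ["not a TrueType sfnt header"]
    num_tables = struct.unpack(">H", font[4:6])[0]
    issues = []
    for i in range(num_tables):
        rec = font[12 + 16 * i:28 + 16 * i]  # one 16-byte table record
        if len(rec) < 16:
            issues.append(f"directory claims {num_tables} tables but data ends at record {i}")
            break
        tag, _csum, off, length = struct.unpack(">4sIII", rec)
        if off + length > len(font):  # table lies partly or wholly outside the data
            issues.append(f"table {tag.decode('latin-1')} covers {off}+{length} bytes, font has {len(font)}")
    return issues

def scan_pdf(data):
    """Return {stream_index: issues} for every stream that decodes to a TrueType font."""
    findings = {}
    for idx, m in enumerate(STREAM_RE.finditer(data)):
        dict_src, body = m.group(1), m.group(2)
        if b"/FlateDecode" in dict_src:  # the only stream filter this script handles
            try:
                body = zlib.decompress(body)
            except zlib.error:
                findings[idx] = ["undecodable FlateDecode stream"]
                continue
        if body[:4] in SFNT_MAGIC:
            findings[idx] = truetype_issues(body)
    return findings

def make_font(tables):
    """Build a minimal sfnt (header, directory, 64 bytes of padding) as a constructed sample."""
    hdr = struct.pack(">4sHHHH", b"\x00\x01\x00\x00", len(tables), 0, 0, 0)
    records = b"".join(struct.pack(">4sIII", t, 0, o, n) for t, o, n in tables)
    return hdr + records + b"\x00" * 64

# Constructed sample: a well-formed compressed font, then one whose 'glyf' record claims 64 KiB
SAMPLE_PDF = (b"%PDF-1.4\n5 0 obj\n<< /Length1 92 /Filter /FlateDecode >>\nstream\n"
              + zlib.compress(make_font([(b"head", 28, 54)])) + b"\nendstream\nendobj\n"
              b"6 0 obj\n<< /Length1 92 >>\nstream\n"
              + make_font([(b"glyf", 28, 0x10000)]) + b"\nendstream\nendobj\n")
```

Running `scan_pdf(SAMPLE_PDF)` reports the first stream as clean and the second with a table that extends far past the 92 bytes actually embedded; a hit only means the file deserves a closer look in a sandbox, not that it is malicious.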
