Zero-Day Exploit Thwarts Adobe Reader's Sandbox Technology

rated by 0 users
This post has 2 Replies | 0 Followers

Top 10 Contributor
Posts 26,749
Points 1,210,425
Joined: Sep 2007
News Posted: Thu, Feb 14 2013 11:19 AM
Another day, another Adobe Reader vulnerability -- what else is new, right? It just so happens that this latest security hole affects several versions of Adobe Reader, including 10 and 11, both of which are supposed to keep the operating system isolated from attacks through sandbox technology. No dice.

"Adobe has identified critical vulnerabilities (CVE-2013-0640, CVE-2013-0641) in Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier) and 9.5.3 and earlier for Windows and Macintosh," Adobe stated in a security bulletin. "These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

"Adobe is aware of reports that these vulnerabilities are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message."

Image Source: Flickr (andrewmalone)

Adobe said it's in the processor of working on a fix, but in the meantime, Windows users are advised to enable Protected View. You can do so by going to Edit > Preferences > Security (Enhanced) and choosing the "Files from potentially unsafe locations" option.

Costin Raui, director of Kaspersky Lab's malware research and analysis team, said the exploit and subsequent malware are pretty sophisticated, adding "It's not something you see every day." He likened it to Duqu, a piece of malware that was related to Stuxnet.
  • | Post Points: 35
Top 25 Contributor
Posts 3,692
Points 55,940
Joined: Jul 2004
Location: United States, Massachusetts
Dave_HH replied on Thu, Feb 14 2013 12:35 PM

The kid with the bucket on his head is just priceless. #stellarimageselection

Editor In Chief

  • | Post Points: 5
Top 500 Contributor
Posts 166
Points 1,430
Joined: Jan 2010
Location: Texas City
detnight replied on Fri, Feb 15 2013 12:06 AM

yeah but what is the kid with blue bucket thinking about . He looks like deep thought about what is down the hill

Asus M4A79T deluxe,AMD Athlon II X4 620,SAPPHIRE R9 270X 4GB GDDR5 WITH BOOST & OC,BeerPatriot Viper DDR3 1333 8gb,Creative Sound Blaster X-Fi Titanium Fatal1ty Pro,Diamond ATI TV Wonder HD 650 Comb,Plextor DVD-CD burner,Patriot PS-100 SSD 32gb ,WD 500gb 32mg,Antec Twelve Hundred Full Tower,Antec True Power Quattro 1000watts,Toshiba 40in 1080p for a monitor

  • | Post Points: 5
Page 1 of 1 (3 items) | RSS