Zero-Day Exploit Thwarts Adobe Reader's Sandbox Technology

Another day, another Adobe Reader vulnerability -- what else is new, right? It just so happens that this latest security hole affects several versions of Adobe Reader, including 10 and 11, both of which are supposed to keep the operating system isolated from attacks through sandbox technology. No dice.

"Adobe has identified critical vulnerabilities (CVE-2013-0640, CVE-2013-0641) in Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier) and 9.5.3 and earlier for Windows and Macintosh," Adobe stated in a security bulletin. "These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.

"Adobe is aware of reports that these vulnerabilities are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message."

Adobe said it's in the process of working on a fix, but in the meantime, Windows users are advised to enable Protected View. You can do so by going to Edit > Preferences > Security (Enhanced) and choosing the "Files from potentially unsafe locations" option.

Costin Raiu, director of Kaspersky Lab's malware research and analysis team, said the exploit and subsequent malware are pretty sophisticated, adding "It's not something you see every day." He likened it to Duqu, a piece of malware that was related to Stuxnet.