Web

Another zero-day exploits Adobe and runs wild masquerading as a PDF

adobe reader

If you don’t know the sender, don’t open up the attached PDF. The warning applies to Adobe PDF Reader versions 9.5.3, 10.1.5, and 11.0.1 according to security firm FireEye, which first discovered the PDF zero-day exploit running rampant.

What happens is that the exploit, according to the hacker who discovered it, “drops two DLLs.” A DLL is a type of Microsoft file format called a Dynamic-link library. If you’ve visited a malicious website and had a DLL dropped into your computer without realizing what happened, the “fake” DLL with the same name as an existing DLL file can trick Windows to run in the background and wreak havoc.

adobe pdf zero day

With this hack in particular, FireEye explains how the DLL takes advantage of you – note that the exploit affects Windows, Mac, and Linux. “The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.”

The security company adds that Adobe’s security team has been notified of the exploit’s existence, which Adobe later confirmed:

“Adobe is aware of a report of a vulnerability in Adobe Reader and Acrobat XI (11.0.1) and earlier versions being exploited in the wild. We are currently investigating this report and assessing the risk to our customers.”

Since Adobe has yet to publish an update on its PDF’s vulnerability, it looks like the exploit could very well still be active at the time of this writing.

This is Adobe’s third zero-day that comes on the heels of two Flash-based zero-day vulnerabilities, which tricked victims into opening up attachments that impersonated Microsoft Word documents when in fact these attachments opened up malicious flash content. Adobe quickly patched these two vulnerabilities on Monday.

Computing

Adobe’s craziest new tools animate photos, convert recordings to music in a click

Adobe shared a glimpse behind the scenes at what's next and the Creative Cloud future is filled with crazy A.I.-powered tools, moving stills, and animation reacting to real-time tweets.
Photography

Adobe Premiere Rush CC is the cloud-based video editing app you've been waiting for

On stage at Adobe MAX 2018, Adobe announced its cloud-centric, social video-editing application, Adobe Premiere Rush CC. We took some time to put it through its paces to see what it offers, how it works, and what's missing.
Photography

Remove photo bombs, other unwanted objects with Photoshop’s new Content-Aware Fill

Photoshop's newest A.I-powered tool helps remove objects or fill in gaps for a distraction-free photo in the new Adobe Photoshop CC 2019. Here's how to remove an object in Photoshop using the new Content-Aware Fill.
Computing

Spoof Adobe Flash updaters are inserting cryptocurrency mining malware

As part of these attacks, bogus Adobe updaters go on to legitimately update Flash Player and throw users to an official website on completion. Unfortunately, they also embed an "XMRig" mining bot in the process.
Social Media

Sick of Facebook privacy scandals? Here's how to protect your personal data

With a number of security scandals in 2018, it has us questioning if we should get rid of Facebook. Here's how to protect your personal data without deleting your account, as well as how to just nuke the thing altogether.
Computing

Google Slides now auto-transcribes verbal presentations for real-time captions

A new feature for the Google Slides presentation software uses a computer's built-in microphone to transcribe the words of a speaker in real time, displaying them for everyone to see.
Mobile

PayPal will soon let you withdraw cash at Walmart, but there’s a catch

PayPal has teamed up with Walmart to allow its account holders to withdraw and deposit cash at the store. The service launches at all Walmart stores across the U.S. in early November, but there's a catch.
Mobile

Pixel 3, Home Hub, and Pixel Slate — our first look at all Google’s new devices

Google has taken the wraps off of a slew of new devices, including the Pixel 3 smartphones, Google Home Hub smart display, Google Pixel Slate tablet, and more. We were at the event, and took a ton of photos of all of Google's new products.
Music

Spotify vs. Pandora: Which music streaming service is better for you?

Which music streaming platform is best for you? We pit Spotify versus Pandora, two mighty streaming services with on-demand music and massive catalogs, comparing every facet of the two services to help you decide which is best.
Computing

Here's how to download a YouTube video to watch offline later

Learning how to download YouTube videos is easier than you might think. There are plenty of great tools you can use, both online and offline. These are our favorites and a step by step guide on how to use them.
Cars

Carbuying can be exhausting: Here are the best used car websites to make it easier

Shopping for a used car isn't easy, especially when the salesman is looking to make a quick sale. Thankfully, there are plenty of sites aimed at the prospective buyer, whether you're looking for a sedan or a newfangled hybrid.
Computing

How to recover Google contacts

If you accidentally deleted an important person from your Google Contacts, they might not be lost forever. Recovering them is a fairly easy process -- as long as you do it quickly. Here's how.
Computing

Afraid that Bitcoin could be a bubble? Here's how to sell what you've got

If you're investing in cryptocurrencies, it's important to have your exit strategy in place if prices start to crash. If you've decided it's time to get out or just want to learn how to sell Bitcoins, here's how to get started.
Computing

Don't take your ISP's word for it: Here's how to test your internet speed

If you're worried that you aren't getting the most from your internet package, speed tests are a great way to find out what your real connection is capable of. Here are the best internet speed tests available today.