Web

Another zero-day exploits Adobe and runs wild masquerading as a PDF

adobe reader

If you don’t know the sender, don’t open up the attached PDF. The warning applies to Adobe PDF Reader versions 9.5.3, 10.1.5, and 11.0.1 according to security firm FireEye, which first discovered the PDF zero-day exploit running rampant.

What happens is that the exploit, according to the hacker who discovered it, “drops two DLLs.” A DLL is a type of Microsoft file format called a Dynamic-link library. If you’ve visited a malicious website and had a DLL dropped into your computer without realizing what happened, the “fake” DLL with the same name as an existing DLL file can trick Windows to run in the background and wreak havoc.

adobe pdf zero day

With this hack in particular, FireEye explains how the DLL takes advantage of you – note that the exploit affects Windows, Mac, and Linux. “The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.”

The security company adds that Adobe’s security team has been notified of the exploit’s existence, which Adobe later confirmed:

“Adobe is aware of a report of a vulnerability in Adobe Reader and Acrobat XI (11.0.1) and earlier versions being exploited in the wild. We are currently investigating this report and assessing the risk to our customers.”

Since Adobe has yet to publish an update on its PDF’s vulnerability, it looks like the exploit could very well still be active at the time of this writing.

This is Adobe’s third zero-day that comes on the heels of two Flash-based zero-day vulnerabilities, which tricked victims into opening up attachments that impersonated Microsoft Word documents when in fact these attachments opened up malicious flash content. Adobe quickly patched these two vulnerabilities on Monday.

Computing

Is your PC safe? Foreshadow is the security flaw Intel should have predicted

Three new processor vulnerabilities have appeared under the 'Foreshadow' banner. They're similar in nature to Meltdown and Spectre, only they steal data from different memory spaces. Here's everything you need to know.
Social Media

How to use Adobe Spark Post to spice up your social media images

Images are proven to get more likes than plain text -- but only if those images are good. Adobe Spark post is an AI-powered design program for non-designers. Here's how to use it to take your social media feeds to the next level.
Movies & TV

The best shows on Netflix in August, from ‘Arrested Development’ to ‘Dark Tourist’

Looking for a new show to binge? Lucky for you, we've curated a list of the best shows on Netflix, whether you're a fan of outlandish anime, dramatic period pieces, or shows that leave you questioning what lies beyond.
Photography

Photo FOMO: Leica Elpro turns plain lenses into macro, Fujifilm Fest returns

In this week's photo industry news, Leica launches a way to turn plain lenses into macro lenses. Artificial Intelligence keeps growing with new uses with Getty Images and the Samsung Galaxy Note 9 camera.
Mobile

Find your way around Google Maps with these handy tips and tricks

How good are your navigation skills? We've got a delectable menu of Google Maps tips and tricks for you right here, to take the pain out of your trips. Go from newbie to mapping master and learn how to use Google Maps.
Emerging Tech

Widespread internet access is causing mass sleep deprivation, study suggests

A study claims that high-speed internet may be costing us up to 25 minutes of sleep per night. And, surprisingly, the biggest problem isn't among those young people who are under 30.
Computing

Network routers with roaming enabled are likely susceptible to a new attack

Jens Steube discovered a new method to break into network routers while researching new ways to attack the WPA3 security standard. He stumbled onto an attack technique capable of cracking hashed WPA-PSK passwords.
Computing

Saving your favorite YouTube videos for posterity is quick, easy with these tools

Learning how to download YouTube videos is easier than you might think. There are plenty of great tools you can use, both online and offline. These are our favorites and a step by step guide on how to use them.
Computing

Hacker plays ‘Doom’ on John McAfee’s ‘unhackable’ BitFi Bitcoin wallet

The BitFi hardware cryptocurrency wallet isn't as unhackable as John McAfee claims. A 15-year-old bedroom hacker has managed to get Doom running on the device, suggesting its days may soon be numbered.
Computing

Having issues with Microsoft Edge? Here's how to fix the most common problems

If you're feeling frustrated with Microsoft Edge, or have run into a serious problem with Windows 10's built-in browser, take a look at these common issues and the solutions that can help you get back on track.
Movies & TV

'Prime'-time TV: Here are the best shows on Amazon Prime right now

Amazon Prime brings more perks than just free two-day shipping. Subscribers get access to a huge library of TV shows to stream at no extra cost. Here are our favorite TV shows currently available on Amazon Prime.
Music

Spotify vs. Pandora: Which music streaming service is better for you?

Which music streaming platform is best for you? We pit Spotify versus Pandora, two mighty streaming services with on-demand music and massive catalogs, comparing every facet of the two services to help you decide which is best.
Photography

The best place to print photos online: Seven top photo labs

Have you been looking around for the best place to print out your favorite photos online? Don't fret, we've pored through dozens of options and narrowed it down to the seven best.
Computing

The browser-based Monero miner Coinhive generates around $250,000 each month

Despite a fall in cryptocurrency mining, the Coinhive Monero miner is still highly active, generating around $250,000 each month. Coinhive also contributes 1.18 percent of the total mining power behind the Monero blockchain.