Another zero-day exploits Adobe and runs wild masquerading as a PDF

If you don’t know the sender, don’t open the attached PDF. The warning applies to Adobe PDF Reader versions 9.5.3, 10.1.5, and 11.0.1, according to security firm FireEye, which first discovered the PDF zero-day exploit running rampant.

What happens is that the exploit, according to the hacker who discovered it, “drops two DLLs.” A DLL, or dynamic-link library, is a Microsoft file format for code that Windows programs load at run time. If you’ve visited a malicious website and had a DLL dropped onto your computer without realizing what happened, the “fake” DLL, which has the same name as an existing DLL file, can trick Windows into running it in the background, where it can wreak havoc.

With this hack in particular, FireEye explains how the DLL takes advantage of you – note that the exploit affects Windows, Mac, and Linux. “The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.”

The security company adds that Adobe’s security team has been notified of the exploit’s existence, which Adobe later confirmed:

“Adobe is aware of a report of a vulnerability in Adobe Reader and Acrobat XI (11.0.1) and earlier versions being exploited in the wild. We are currently investigating this report and assessing the risk to our customers.”

Since Adobe has yet to publish an update for the vulnerability in its PDF software, it looks like the exploit could very well still be active at the time of this writing.

This is Adobe’s third zero-day, coming on the heels of two Flash-based zero-day vulnerabilities, which tricked victims into opening attachments that impersonated Microsoft Word documents when in fact these attachments opened malicious Flash content. Adobe quickly patched these two vulnerabilities on Monday.

Editors' Recommendations

Francis Bea
Former Digital Trends Contributor
U.S. govt. advises people to use browsers other than IE after zero-day flaw is revealed

After Microsoft revealed that a flaw in Internet Explorer 6 through 11 could allow a hacker to “gain the same user rights as the current user,” the United States Computer Emergency Readiness Team, which operates under the Department of Homeland Security, suggested that people should turn to another Web browser.
"US-CERT recommends that users and administrators enable Microsoft EMET where possible and consider employing an alternative web browser until an official update is available," the agency said in an official blog post.
Microsoft is already working on a fix for the flaw.
“On completion of this investigation, Microsoft will take the appropriate action to protect our customers, which may include providing a solution through our monthly security update release process, or an out-of-cycle security update, depending on customer needs,” Redmond said in a security bulletin.
However, if you use Windows XP, the version of Internet Explorer you use won't be patched, leaving you permanently vulnerable to this flaw for as long as you continue using IE. If you're unwilling to upgrade to an operating system that's still supported by Microsoft, like Windows 7 or Windows 8, you should strongly consider switching to a browser that isn't vulnerable to this threat, like Google Chrome or Mozilla Firefox. However, it's worth noting that FireEye, the Internet security firm which claims to have initially discovered the flaw, reported that most of the documented attacks have targeted Internet Explorer 9 through 11.

Adobe Flash under fire with another zero-day exploit

Less than a week after warning users about a zero-day exploit in its PDF software, Adobe found another zero-day exploit in Flash. Adobe said hackers are already taking advantage of a critical flaw in the current version of Flash to attack Windows PCs, where it can “cause a crash and potentially allow an attacker to take control.”

Despite Adobe’s claims that the attacks are “limited” and “targeted” only at Windows users, the flaw is pretty far-reaching. All editions of Flash 9 and 10, including those for Windows, Mac, Linux, Solaris, and Google’s Android mobile operating system, and earlier versions, are affected. It’s also present in Adobe Reader and Acrobat, since both programs include code to run Flash embedded in PDF documents. There are no reports of hackers exploiting the bug in PDF applications at this time, according to the company.

Adobe Acrobat and Reader under attack with a zero-day exploit

Adobe identified a critical vulnerability in Adobe Acrobat and Reader on Tuesday, but said today that attackers were already exploiting this bug. All versions of Acrobat and Reader 8 and 9 for Windows, Macintosh, and Unix are open to attack. Even the latest versions, 8.2.4 and 9.3.4, are not safe. Other PDF reading alternatives, such as Foxit Reader, are not affected.

Masquerading as a harmless PDF file, this exploit has malformed font and image files. It spreads as an attachment to innocent-sounding emails, and when the PDF is opened it saves an executable file to disk and runs it. A variation of the email offers tips on ways to improve your golf game. Security firm Trend Micro spotted a variation with a Trojan, TROJ_PIDIEF.WM, that downloaded two other Trojans called TROJ_DLOADR.WM and TROJ_CHIFRAX.BU.
