$50,000 Zero-Day Exploit Evades Adobe's Sandbox, Say Russian Analysts

tsu doh nimh writes with this excerpt from Krebs on Security: "Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground. The finding comes from malware analysts at Moscow-based forensics firm Group-IB, who say they've discovered that a new exploit capable of compromising the security of computers running Adobe X and XI (Adobe Reader 10 and 11) is being sold in the underground for up to $50,000. This is significant because — beginning with Reader X — Adobe introduced a 'sandbox' feature aimed at blocking the exploitation of previously unidentified security holes in its software, and until now that protection has held its ground. Adobe, meanwhile, says it has not yet been able to verify the zero-day claims."

Re:Translating Roman Numerals... srsly???

[guruevi]

Adobe themselves does it. They have Acrobat X/XI on the marketing side but installation and license calls it Acrobat 10/11

Re:Foxit people!

[Anonymous Coward]

I don't get it why people just go half the way from Acrobat to Foxit. Sumatra is Open Source, small, fast and, so far hasn't failed me for any PDFs I've tried (admittedly none were of the stupid javascript online validating form crap variety).

Every IT pro should know about Sumatra.