Forgot your password?
typodupeerror
Security Software

$50,000 Zero-Day Exploit Evades Adobe's Sandbox, Say Russian Analysts 56

Posted by timothy
from the kicking-sand-in-your-face dept.
tsu doh nimh writes with this excerpt from Krebs on Security: "Software vendor Adobe says it is investigating claims that instructions for exploiting a previously unknown critical security hole in the latest versions of its widely-used PDF Reader software are being sold in the cybercriminal underground. The finding comes from malware analysts at Moscow-based forensics firm Group-IB, who say they've discovered that a new exploit capable of compromising the security of computers running Adobe X and XI (Adobe Reader 10 and 11) is being sold in the underground for up to $50,000. This is significant because — beginning with Reader X — Adobe introduced a 'sandbox' feature aimed at blocking the exploitation of previously unidentified security holes in its software, and until now that protection has held its ground. Adobe, meanwhile, says it has not yet been able to verify the zero-day claims."
This discussion has been archived. No new comments can be posted.

$50,000 Zero-Day Exploit Evades Adobe's Sandbox, Say Russian Analysts

Comments Filter:
  • by InvisibleClergy (1430277) on Thursday November 08, 2012 @10:44AM (#41918219)

    If I remember correctly, Flame was first identified by Kapersky, a Russian company. In this age wherein the US Government has a cyber-warfare division, it seems as though a large amount of the interesting, practical work in Computer Security is moving to Russia.

  • by Anonymous Coward on Thursday November 08, 2012 @10:51AM (#41918299)

    Well since most of the interesting, practical work in Computer Insecurity is there as well, it makes sense.

  • by 140Mandak262Jamuna (970587) on Thursday November 08, 2012 @10:54AM (#41918335) Journal
    Adobe PDF and Flash are now the two most serious vectors for malware. Most of us have switched to foxit reader. But I learnt that some of the security holes are actually in the pdf spec itself, and whatever $reader you are using, if it is faithful to the specs, the vulnerability will exist. In this case, is it the reader or the specs that is broken?

    High time people stop using the Adobe pdf reader, and disable the "active hyperlinks" in it if it cant be fully uninstalled. Just in case some malware manages to trick the browser into using the installed adobe reader overriding the preference to foxit reader.

  • by slashmydots (2189826) on Thursday November 08, 2012 @11:08AM (#41918441)
    In the new 11 version, you can no longer turn off the "view PDF in web browser" that basically frames it within your browser like a page without you ever approving it. So any rigged PDFs get loaded automatically. You used to be able to turn it off and only open PDFs via a file download prompt if a page is trying to serve one up.

"Confound these ancestors.... They've stolen our best ideas!" - Ben Jonson

Working...