Adobe investigating attacks on PDFs using zero-day flaw

Vulnerability researchers at FireEye are reporting that Adobe's Reader software has a zero-day flaw that hackers are already exploiting in the wild. The flaw is found in Adobe Reader 9.5.3, 10.1.5, and 11.0.1 and involves sending a specially crafted file to the target. …

COMMENTS

This topic is closed for new posts.
Anonymous Coward

Is this the same flaw that Group-IB found at the end of last year, which circumvents the sandbox?

http://www.theregister.co.uk/2012/11/08/adobe_reader_zero_day/

0
0

Simple solution (if you have Chrome)...

SDELETE Adobe Reader (or DBAN your drive if you're feeling particularly hateful)... then...

1) Right click on PDF file

2) Open with...

3) Find chrome.exe

4) "Always use the selected program to open this kind of file"

5) Say "Yipee!"

Now I do admit that you'll need Chrome installed in order for this to work (might be doable in other browsers with built-in PDF viewers but I haven't tested accordingly) and yes I am also aware that Chrome's PDF rendering isn't necessarily the best in the world.

Having said that, however, Chrome does open the vast majority of PDF files I have to deal with without issues, and hence I have actually been without Adobe Reader for quite some time now.

And yes, Chrome may have their own issues from time to time but let's be honest here; they patch a HECK OF A LOT faster than Adobe.

0
1
Anonymous Coward

Re: Simple solution (if you have Chrome)...

Chrome?

C'mon this is the Reg, less of the spyware.

3
0
Silver badge
Boffin

Re: Simple solution (if you have Chrome)...

I expect you'll still need to use Reader to fill in official forms online. Like Java, it's enough just to disable the browser plug-in.

Firefox 19 onwards also has a built-in PDF reader (in fact Chrome's comes from Firefox), so disable the plug-in just to be sure and let the browser render PDFs itself. In earlier Firefoxes (15 onwards I think) you have to enable it in about:config, the option is pdfjs.disabled.

0
0
Anonymous Coward

Re: Simple solution (if you have Chrome)...

Using Chrome to open PDF documents is akin to using a sledgehammer to crack a nut. Far better to install Sumatra PDF (available as a portable version as well). The software is so lightweight it opens PDFs instantly, even on old hardware. Rendering is also great. There's also a browser plugin.

0
0
Anonymous Coward

Re: Simple solution (if you have Chrome)...

So, you are suggesting to replace the world's most vulnerable PDF reader with the world's most vulnerable browser? Uhm... no thanks.

Installing a dedicated 3rd party PDF reader like Foxit would be much safer.

0
0
Anonymous Coward

There are a whole bunch of these zero days

We just were spear-phished with some very obfuscated Adobe PDF stream objects, plus the vxers helpfully threw in a handful of other discrete .doc viruses in the .rar blob folder. Thankfully we've successfully taught our main 'target' users what this year's bad things look like.

None of the antivirus programs that I've scanned the PDFs with have yet remarked that they are plausible/valid documents which have been hollowed-out and stuffed with trojans.

The code page & ISO font codes probably indicate China, but we inevitably start the slippery smoke and mirrors slope of attribution... as I'd use 'fake' attributes if I was the USA hacking team.

2
0
Anonymous Coward

I binned Adobe's bloatware years ago. And Chrome is something that annoys me with the number of stealth installs it performs on some people's systems due to pre-ticked boxes - any software worth bothering with will gain traction by word of mouth rather than by being sneaked onto a system.

Maybe a useful addition for Opera to consider... a PDF tool alongside the built-in torrent client.

1
0
Anonymous Coward

Installs DLLs? Of course Linux & Mac users now really have to shake in fear...

2
1
Silver badge
Windows

Go away

Eadon....

0
0
Linux

Only an idiot would run the official Adobe reader

You would have to be some sort of special case to actively go out of your way to install Adobe Reader on Linux when so many better alternatives exist.

The default reader in KDE (Okular) is far far far faster, uses fewer resources, and doesn't come with the special Adobe sauce that renders all security obsolete.

Even the poor GNOME users (one step away from Windows 8) have a far better default browser.

I used to hate PDFs when I used Windows, not so on Linux. (Same goes for general life.)

0
0
Anonymous Coward

Couldn't have said it better myself..

Adobe's products have been a primary attack vector for years now

Yup. Which is why I am very annoyed with the BBC for building their iPlayer on Adobe Air.

Oh, then there is this... Thank you, Adobe.

0
1
Bronze badge

Re: Couldn't have said it better myself..

And even if the BBC wrote their s/w from scratch there still would be zero day attacks because it would be a popular program used by many naive users and so a worthwhile target for hackers to investigate.

1
0
Silver badge
Windows

Re: Couldn't have said it better myself..

Yep, I can't wait for HTML 5 to become mainstream, as then I can avoid the utter dog egg that Flash is...

0
0
Bronze badge
Thumb Up

Don't use Adobe crap

This works

http://www.infradead.org/get_iplayer/html/get_iplayer.html

0
1
WTF?

Re: Don't use Adobe crap

... PDFs - assume you didn't read the article, good work.

0
0
Silver badge

Pointless Document Format

NT please - or use a computer shaped document format and use all the well tried and tested techniques that Adobe clumsily adds on to PDF.

It does nothing it says on the tin.

0
0
DJO
Bronze badge
Devil

You mean I'm not alone in disliking Acrobat?

While most software has incremental improvements, Acrobat (like most Adobe software) is unusual in having excremental changes.

Personally I use Foxit to read PDFs, not perfect but a zillion times better than Acrobat.

0
0
Gold badge

Risk assessment

"by some estimates, Reader is on 90 per cent of PCs in the Western world."

Odd. Anyone running a Windows PC without an AV package is regarded as recklessly insane, and yet:

None of these packages flag up Reader, despite it being the biggest single attack vector there is.

People running this attack vector are *not* regarded as recklessly insane.

0
0
Anonymous Coward

What about PDF-XChange Viewer?

I got rid of Adobe a long time ago. It has a great Firefox plugin.

0
0