Last year was a pretty decent one for Adobe Reader as it relinquished the dubious honor of being the
most exploited software (as ranked by Kaspersky Lab)
to Oracle’s Java. But the fact is it is still very popular among malware authors. For instance, last week security firm FireEye discovered an
exploit capable of bypassing the software’s sandbox
. Thankfully, Adobe, which wasted little time in confirming the zero-day exploit, expects to have a patch ready this week.
After being informed of the vulnerabilities by FireEye, Adobe issued a security advisory (APSA13-02) confirming the presence of “critical vulnerabilities (CVE-2013-0640, CVE-2013-0641) in Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier for Linux.”
The company updated that advisory on Saturday in order to reflect the planned schedule for a patch. It expects to release the patch sometime during the ongoing week.
With FireEye preferring the “responsible disclosure” model, the technical details of the attacks aren’t known. All we know is that attackers are using malicious PDFs designed to exploit the said vulnerabilities.
“Upon successful exploitation, it will drop two DLLs,” FireEye revealed in a blog post last week. “The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.”
According to IDG-owned Computerworld, Costin Raiu, director of Kaspersky Lab's malware research and analysis team, feels the ongoing attacks targeting these vulnerabilities seem to be part of an operation “on the same level with Duqu."
"It's not something you see every day," he told Computerworld thursday.