Russian security firm Group-IB claims to have uncovered a critical Adobe Reader vulnerability that is currently being exploited in the wild by attackers in order to circumvent the ubiquitous PDF viewer’s sandbox, a security feature Adobe first introduced as part of Reader X nearly two years ago. Even though this zero-day vulnerability is said to have a few “limitations”, they don’t seem to be crippling enough to stop it from being sold on the black market for anywhere between $30,000 and $50,000.
“There is [a] new vulnerability in Adobe X which helps execute its own shellcode with the help of malformed PDF-documents with specially crafted forms,” Group-IB revealed in a news release earlier this week. According to the company, this is the first documented method of bypassing the Adobe Reader sandbox, dubbed Protected Mode, through shellcode execution. Needless to say, this is very appealing to cybercriminals.
"We have monitored special private communities, where there is information about [the exploit]," Andrey Komarov, the head of the International Projects Department at Group-IB and chief technical officer of the firm’s Computer Emergency Response Team (CERT-GIB), told IDG Thursday, adding that most of this “information is on private Russian and Chinese hacker forums."
The firm has warned that this zero-day exploit, already present in a new modified version of the infamous Blackhole exploit kit, could witness a rise in its popularity among cybercriminals.