Both Foxit Software and Adobe Systems are looking at ways of warning users about a new PDF attack threatening system security. Didier Stevens, an IT consultant with Contraste Europe, discovered the vulnerability, which entails getting PDF viewers to automatically execute embedded executables when the PDF file is opened.
"After receiving word of a recent security concern, the Foxit development team immediately looked into the issue, confirmed the risk and resolved the situation quickly," the company told eWEEK in a statement. "Foxit expects to release a new version of Foxit Reader with this fix on April 2, 2010.
"To address the specific problems outlined, Foxit has added a warning dialog box that will pop up when a PDF file is opened with Foxit Reader, asking the user to agree to execute or not," the company continued. "This solution adds a layer of safety yet maintains Foxit Reader’s compliance with current PDF standards."
Adobe already has a warning box in place, but Stevens claims there's a way for hackers to partially alter the dialog. According to eWEEK, Adobe is discussing the potential threat but didn't say if it would take any further precautions.
If you haven’t done so already, make sure your Adobe reader has checked for, and downloaded the latest updates. Adobe has finally released a patch for the zero day scripting vulnerability in its PDF software. The patch for version 9 hit the net a bit earlier than expected, but not a moment too soon to combat this now critically exploited weakness which has been in the wild now since December 2008. The patches for Version 7 & 8 are still planned for March 18th and users of this version would be advised to either upgrade to 9.1 or consider Foxit Reader.
The news was posted by Adobe blogger David Lenoe. "Today, we posted the Adobe Reader 9.1 and Acrobat 9.1 update, which resolves the recent JBIG2 security issue (CVE-2009-0658), including the 'no-click' variant of the vulnerability." "We encourage all Adobe Reader users to download and install the free Adobe Reader 9.1."
For those that haven’t been following the details of the exploit, the vulnerability is a result of an array indexing error in the processing of JBIG2 streams. Hackers have found a way to corrupt arbitrary memory using the PDF format and take control of compromised systems. The lesson learned here if we didn’t know it already, don’t take candy, or PDF’s from strangers.
Adobe’s PDF reader and creator software continues to be under a seemingly endless attack, and a new vulnerability has the security community very worried. A critical flaw in all editions of its PDF reader and creator software will allow attackers to crash the application and gain control of a person’s computer. This vulnerability has been acknowledged by Adobe, but a fix is still rumored to be 2-3 week away. Initially the company will be working to patch version 9, but will eventually include fixes for version’s 7 & 8 as well.
According to the McAfee security blog, malicious PDF documents are already in the wild, and have been appearing across the web since early January. PDF exploits are of significant concern to the security community since the reader software interfaces very closely with web browsers. In many cases PDF documents are opened within a new browser tab, and displayed even with a user’s consent. According to Symantec this attack has primarily been directed towards government agencies and large corporations, it is not widespread as of yet.