Adobe hit by another zero-day flaw

 

Gallery

By Nicole Kobie

Posted on 9 Sep 2010 at 08:39

Adobe has warned of a critical zero-day flaw in Adobe Reader and Acrobat.

The vulnerability takes advantage of a boundary error to take over a user's computer. It affects Adobe Reader and Acrobat 9.3.4 and earlier, on computers running Windows or Mac, but a user would have to open a malicious PDF first.

"This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said in a security bulletin. "There are reports that this vulnerability is being actively exploited in the wild."

Adobe is working on an update to patch the flaw, but couldn't say when it would arrive. "Adobe is in the process of evaluating the schedule for an update to resolve this vulnerability," the company said.

The flaw was reported to Adobe by security researcher Mila Parkour, who said the attack drops a file onto the computer which connects to an external site.

Metasploit's Joshua Drake noted the flaw is unlike other Adobe vulnerabilities seen in the wild. "This exploit works on Windows Vista and Windows 7," Drake said on the security blog. "Unlike the previous exploits, it is not dependent on a hardcoded Windows XP syscall."

Drake added that the exploit uses a new technique to bypass address space layout randomisation (ASLR), which places key data in random positions to make it harder for hackers to know where to attack.

Adobe is set to boost security by sandboxing Reader in its next update.