Security experts are warning that an unpatched Adobe PDF vulnerability due to be fixed in the vendor's upcoming 12 January quarterly security update is actively being exploited in the wild.The flaw in Acrobat and Reader software, which was first discovered in mid-December, could allow a hacker to cause a system crash and potentially take control of an affected PC.Despite reports at the time that the flaw was actively being exploited, Adobe's director of product security and privacy, Brad Arkin, explained that the firm would not be working on a fix prior to the 12 January quarterly update because it could "negatively impact the timing of the next quarterly security update".However, hackers appear to be stepping up their activities. A posting on security vendor Trend Micro's blog today said that a new PDF sample exploiting the same unpatched vulnerability in Acrobat and Reader has been spotted in the wild."The sample (detected by Trend Micro as TROJ_PIDIEF.WIA) uses the heap spray technique to execute shellcode in its stream. As a result, a malicious file detected as BKDR_POISON.UC is dropped into the system," the blog noted."When executed, BKDR_POISON.UC opens an instance of Internet Explorer and connects to a remote site, cecon.{BLOCKED}-show.org. Once connected, a malicious user may execute any command on the affected system."Until 12 January, Adobe is recommending customers to either disable JavaScript in Reader and Acrobat or, for those running versions 9.2 or 8.1.7, to use the JavaScript Blacklist Framework.
Copyright ©v3.co.uk
A confirmation email has been sent to your email address - SUPPLIED GOES EMAIL HERE. Please click on the link in the email to verify your email address. You need to verify your email before you can start posting.
If you do not receive your confirmation email within the next few minutes, it may be because the email has been captured by a junk mail filter. Please ensure you add the domain @itnews.com.au to your white-listed senders.