Hackers target unpatched Adobe flaw

By
Follow google news

PDF vulnerability being exploited ahead of update.

Security experts are warning that an unpatched Adobe PDF vulnerability due to be fixed in the vendor's upcoming 12 January quarterly security update is actively being exploited in the wild.

The flaw in Acrobat and Reader software, which was first discovered in mid-December, could allow a hacker to cause a system crash and potentially take control of an affected PC.

Despite reports at the time that the flaw was actively being exploited, Adobe's director of product security and privacy, Brad Arkin, explained that the firm would not be working on a fix prior to the 12 January quarterly update because it could "negatively impact the timing of the next quarterly security update".

However, hackers appear to be stepping up their activities. A posting on security vendor Trend Micro's blog today said that a new PDF sample exploiting the same unpatched vulnerability in Acrobat and Reader has been spotted in the wild.

"The sample (detected by Trend Micro as TROJ_PIDIEF.WIA) uses the heap spray technique to execute shellcode in its stream. As a result, a malicious file detected as BKDR_POISON.UC is dropped into the system," the blog noted.

"When executed, BKDR_POISON.UC opens an instance of Internet Explorer and connects to a remote site, cecon.{BLOCKED}-show.org. Once connected, a malicious user may execute any command on the affected system."

Until 12 January, Adobe is recommending customers to either disable JavaScript in Reader and Acrobat or, for those running versions 9.2 or 8.1.7, to use the JavaScript Blacklist Framework.

Hackers target unpatched Adobe flaw
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

National photo licence recognition system set to go live in 2025

National photo licence recognition system set to go live in 2025

Hackers using F5 devices to target US gov networks

Hackers using F5 devices to target US gov networks

Qantas says customer data released by cyber criminals

Qantas says customer data released by cyber criminals

Austrade to replace its data centre core network

Austrade to replace its data centre core network

Log In

  |  Forgot your password?