Hackers are exploiting a 0-day vulnerability in Adobe Reader

Posted: November 8, 2012 in IT Security News
Tags: , ,

Hackers attackGroup IB researchers discovered a vulnerability in Adobe Reader X and XI, which is actively exploited by hackers.

Experts of Group IB discovered a vulnerability in Adobe Reader version X and XI, which is actively exploited by virus writers. This vulnerability allows a remote user to execute arbitrary code on the target system, for which the victim to open a specially crafted PDF file in a browser or Adobe Reader.

According to researchers, this vulnerability is exploited in some versions of banking Trojans, such as Zeus, Spyeye, Carberp, Citadel. Cost to exploit this vulnerability is estimated between $ 30,000 to $ 50,000.

“Successful exploitation of this vulnerability requires special conditions: for example, to implement the unauthorized execution of arbitrary code, you must close the Internet browser or restart it, – said the director of international projects, audit and consulting Group-IB Andrey Komarov. – Another option is to initialize the exploitation of interaction with the user, according to which the victim required to approve any action in the context of an open document, and then execute the malicious code. “

Researchers identify the fact that they have discovered the vulnerability is the first of those to which you have to create a working exploit. Previously discovered vulnerabilities in Adobe Reader X and XI were not maintained, because the application uses a functional sandbox.

“Vulnerabilities” zero day “entails the emergence of new ways to spread malicious code that is actively used by cyber criminals to create an effective mechanism of infection, – said the head of the U.S. Office of Group-IB John Clements – The biggest risk for users to create exactly the products of mass use such as the popular Adobe Reader. Therefore, in the near future can be expected to yield an update for the program, which will close the discovered vulnerability. “

A detailed description of the vulnerability can be found here.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s