Attackers Are Exploiting Adobe Acrobat and Reader
As if the Apple iOS 6.1 security flaw isn’t enough, there’s another one. Yesterday, Adobe posted in their security bulletin that a malicious file can cause the application to crash and allow an attacker to take control. This security hole affects Mac and Windows and are working on an immediate fix.
Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.
Adobe Acrobat and Adobe Reader Versions affected:
- Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh
- Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh
- Adobe Reader 9.5.3 and earlier 9.x versions for Windows and Macintosh
- Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh
- Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh
- Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh
If you have Adobe Reader XI or Adobe Acrobat XI for Windows, here’s what you can do:
Users of Adobe Reader XI and Acrobat XI for Windows can protect themselves from this exploit by enabling Protected View. To enable this setting, choose the “Files from potentially unsafe locations” option under the Edit > Preferences > Security (Enhanced) menu.
Also, last week Adobe Flash player had a security hole as well. If you have been getting that nagging “update your Flash player” message, do so. If you turned off notifications for updates, you can manually download Adobe Flash player and install it.
Be careful of any PDF files you receive. Make sure they’re from trusted sources. Even if you receive a PDF file from a friend, if it seems like something they wouldn’t send, don’t open it or ask them if they sent you the file. Alternatively, you can sandbox your browser using Sandboxie for Windows. I don’t know a Mac version of it, but if anyone does, please make recommendations below.