[ISN] Zero-day attack reportedly pierces key Adobe Reader defense

From: InfoSec News <alerts_at_private>
Date: Thu, 8 Nov 2012 03:08:39 -0600 (CST)
http://arstechnica.com/security/2012/11/zero-day-attack-reportedly-pierces-key-adobe-reader-defense/

By Dan Goodin
Ars Technica
Nov 7 2012

Adobe officials say they're investigating claims of a recent attack. A 
newly published report claims the latest versions of the widely used 
Reader document viewer are under attack by exploit code that targets a 
previously unknown vulnerability.

The particular exploit is available in underground forums for as much as 
$50,000. It's significant because it pierces a security sandbox that 
until now has proved impervious to other online attacks, KrebsonSecurity 
journalist Brian Krebs reported on Wednesday. The security mechanism is 
designed to minimize the damage of attacks that exploit buffer overflows 
and other types of software bugs by isolating Web content from sensitive 
parts of the underlying operating system.

The vulnerability affects both Reader X and its recently introduced 
successor, Reader XI. And it's already incorporated into a custom 
version of the Blackhole Exploit Kit according to Krebs. The reporter 
wrote the developer behind Blackhole said he is hoping to add the 
exploit to the main version of the kit soon. Criminal hackers fold 
Blackhole into already hacked websites to give them the ability to 
exploit a wide variety of vulnerabilities when end users visit the 
sites.

Krebs's report cited a researcher with Moscow-based forensics firm 
Group-IB.

In an e-mail to Ars, an Adobe spokeswoman wrote: "We saw the 
announcement from Group IB, but we haven't seen or received any details. 
Adobe [Product Security Incident Response Team] has reached out to 
Group-IB, but we have not yet heard back. Without additional details, 
there is nothing we can do, unfortunately—beyond continuing to monitor 
the threat landscape and working with our partners in the security 
community, as always."

[...]


______________________________________________
Visit the InfoSec News Security Bookstore
Best Selling Security Books and More!
http://www.shopinfosecnews.org 
Received on Thu Nov 08 2012 - 01:08:39 PST

This archive was generated by hypermail 2.2.0 : Thu Nov 08 2012 - 01:19:59 PST