
Security Firm Uncovers Another Adobe Zero-Day

Source: FireEye

Another zero day has been discovered in an Adobe product.

Security firm FireEye reports that it has uncovered a PDF zero-day that is currently being exploited in the wild. The warning covers Adobe PDF Reader v9.5.3 for Windows, Macintosh and Linux, Reader X v10.1.5 for Windows and Macintosh, and Reader XI v11.0.01 for Windows and Macintosh.

According to the report, the exploit drops two DLLs once it succeeds. The first displays a fake error message and opens a decoy PDF document. The second drops the callback component, which talks to a remote domain.

"We have already submitted the sample to the Adobe security team," the firm stated on Wednesday in this blog. "Before we get confirmation from Adobe and a mitigation plan is available, we suggest that you not open any unknown PDF files. We will continue our research and continue to share more information."

FireEye said that it has been working with Adobe and that the two have jointly agreed to refrain from posting the technical details of the zero-day. Adobe also reports that it is currently investigating this report and assessing the risk to its customers.

"We will provide an update as soon as we have more information. Please continue monitoring the Adobe PSIRT blog for the latest information," Adobe added.

FireEye's latest report arrives just after the discovery of two Flash Player zero-days that were being exploited in spear-phishing campaigns. One attack relied on SWF Flash files embedded in Microsoft Word documents. A second attack, focused on Mac users, hosted malicious Flash files on a website. Adobe issued a Flash Player update on Tuesday that added a Click to Play anti-spear-phishing feature.

"The two exploits have been assigned CVE-2013-0633 and CVE-2013-0634. It is highly recommended that you apply this patch right away, as this threat is active in the wild," FireEye said.


  • 8
    virtualban , February 14, 2013 12:40 PM
    Foxit Reader FTW!!
  • -2
    Darkk , February 14, 2013 12:57 PM
    For some applications it's not an option to change PDF readers so best we can do is keep them updated.
  • 1
    danwat1234 , February 14, 2013 1:19 PM
    virtualban: "Foxit Reader FTW!!"

    Version 2.2 is the best. It isn't bloated. That and sometimes SumatraPDF but usually foxit.
  • 0
    thecolorblue , February 14, 2013 1:26 PM
    Reader XI v11.0.01 is the "updated" version... and it is vulnerable.

  • 2
    thecolorblue , February 14, 2013 1:27 PM
    virtualban: "Foxit Reader FTW!!"

    link for everyone... switch today!
  • 2
    JPForums , February 14, 2013 1:54 PM
    "Adobe also reports that it is currently investigating this report and assessing the risk to its customers."

    I get the investigating the report part, but assessing the risk? So if they don't deem the risk high enough, or the group large enough, they'll just leave the exploit there? The report is either true or false. If true, it means your software is flawed AND your customers are vulnerable. I could understand if the software were end of life, but for a piece of software that is perpetually updated anyways, why wouldn't you just fix it? Perhaps I'm missing something.
  • 0
    beardguy , February 14, 2013 5:43 PM
    I ended up getting a Zero-Day virus that I am almost positive hid itself as a Flash Player installer. I work for a Fortune 500 company (if I said the name, you would know) and we are extremely big on security, but I believe I still got this virus on our network. This virus (and variations of it) are nasty and very difficult to remove.
  • 2
    techcurious , February 15, 2013 7:28 AM
    I am so sick of having to update (often followed by a REBOOT) my Adobe software every other week.. and why do they call it an update anyway? The downloads are as big as the original install file.. would be more accurate to call them a "reinstall with the latest version that will be almost secure for about 2 weeks!"...
  • 0
    Rosanjin , February 15, 2013 11:17 AM
    I like Nitro PDF. Its free version allows you to sign documents, too.