Adobe plans fix for Reader bug as exploits continue

With criminals finding new ways to exploit a zero-day vulnerability in Adobe Reader and Acrobat, a fix is on the way, Adobe said Thursday.

In a bulletin, Adobe said that on Tuesday it plans to patch for critical vulnerabilities in Reader and Acrobat versions 9.2 and earlier for Windows, Mac and UNIX platforms.

Among the bugs to be fixed is a critical flaw in Reader and Acrobat, which has been actively exploited since December. On Thursday, researchers at anti-virus company Trend Micro said they discovered a new malicious PDF sample that is actively exploiting the vulnerability.  

“The [PDF] sample [detected by Trend Micro as TROJ_PIDIEF.WIA] uses the heap spray technique to execute shell code in its stream,” Jessa De La Torre, threat response engineer at Trend Micro, wrote in a blog post Thursday. “As a result, a malicious file detected as BKDR_POISON.UC is dropped into the system.”

Once executed, the malware opens up Internet Explorer and connects to a remote site, which allows cybercrooks to execute any command on an affected system, De La Torre said.

The vulnerability was discovered in December, and security experts warned then that exploits were being delivered as a malicious PDF attached to emails but said the attack targets were limited.

Until the fix is out on Tuesday, users are being advised to disable JavaScript in Reader and Acrobat.

“Cybercriminals are sure to take advantage of this unpatched vulnerability,” De La Torre said.