Adobe Reader exploit fetching up to $50k in underground
Russian security researchers say they have come across a vulnerability in the latest versions of Adobe Reader that is being sold in the criminal underground.
The Moscow-based incident response firm Group-IB announced Wednesday that the vulnerability is able to evade a built-in sandboxing protection that was introduced with Adobe Reader X. This capability is designed to mitigate attacks against Reader by forcing operations that display PDF files to the user to be run inside a confined environment.
Because of its ability to bypass the sandbox, this particular vulnerability already is being traded in select parts of the online black market and has a going rate of a pricey $30,000 to $50,000, researchers said. It's also been packaged into specialized versions of the popular BlackHole exploit kit.
There is some saving grace, however. Researchers said that for the payload to execute, a user must close their web browser and then restart it.
An Adobe representative said the company was awaiting more details before deciding how to respond.
"We saw the announcement from Group IB, but we haven't seen or received any details," Adobe spokeswoman Wiebke Lips told SCMagazine.com in an email on Wednesday evening. "Adobe PSIRT (Product Security Incident Response Team) has reached out to Group-IB, but we have not yet heard back. Without additional details, there is nothing we can do, unfortunately — beyond continuing to monitor the threat landscape and working with our partners in the security community, as always."
UPDATE: Lips tells SCMagazine.com on Thursday that Adobe has touched base with Group-IB. "We received a response from Group-IB this morning and are now in communication so we can make a determination on whether or not this is in fact a vulnerability and a sandbox bypass. I will update you as soon as we have the information we need to be able to make that determination."