Adobe Reader infections strike in the wild

Share this article:

Exploits of the recently patched Adobe Reader vulnerabilities have been reported in the wild.

Though the proof-of-concept code had just been published earlier this week, it was not surprising that an exploit surfaced so quickly, according to a blog post Friday by Bojan Zdrnja, a volunteer analyst at the SANS Internet Storm Center.

The payload is in a JavaScript object embedded in the PDF document.

The attackers appeared to modify the proof-of-concept so it would evade anti-virus detection, Zdrnja said. He added that as of about 10:50 a.m. EST, no anti-virus products were able to detect the malicious PDF exploit, according to VirusTotal, a malware scanning service. Later Friday afternoon, US-CERT issued a statement that "reports indicate that this exploit is currently undetectable by common antivirus applications."

Core Security Technologies, a security testing software solutions provider and one of the firms credited with discovering the flaw, published sample code when it notified users about the problem.

Adobe suggests users upgrade to version 8.1.3. Users of version 9 for Reader and Acrobat, released in June, are not vulnerable to the flaws.

Share this article:

Sign up to our newsletters

More in News

Research shows vulnerabilities go unfixed longer in ASP

Research shows vulnerabilities go unfixed longer in ASP

A new report finds little difference in the number of vulnerabilities among programming languages, but remediation times vary widely.

Bill would restrict Calif. retailers from storing certain payment data

The bill would ban businesses from storing sensitive payment data, for any long than required, even if it is encrypted.

Amplification, reflection DDoS attacks increase 35 percent in Q1 2014

Amplification, reflection DDoS attacks increase 35 percent in ...

The Q1 2014 Global DDoS Attack Report reveals that amplification and reflection distributed denial-of-service attacks are on the rise.