Malware, Vulnerability Management

Lockheed Martin hit, but not breached, with Adobe zero-day

Attackers attempted to leverage a recently disclosed Adobe Reader zero-day vulnerability to infiltrate Lockheed Martin, among other companies.

Adobe earlier this week warned about the critical flaw, which is being exploited in limited and targeted attacks against Adobe Reader 9.x on Windows. The software maker is working on an emergency fix, to be released next week.

Lockheed appears to be among the first to spot the bug because the Adobe advisory credits the company's computer emergency response team with reporting the issue to Adobe.

The defense contractor regularly identifies and blocks malware attempting to exploit bugs in Reader and other applications, Jennifer Whitlow, a spokeswoman at Lockheed Martin, said in a statement sent to SCMagazineUS.com on Thursday.

“To be clear, there was no breach or intrusion of any kind in this instance,” Whitlow said. “Our systems blocked any access by the adversary, and Lockheed Martin information systems remain secure.”

Lockheed, though, isn't the only organization to be targeted by an exploit that takes advantage of the vulnerability. Security firm Symantec  said attackers leveraged the bug in malicious emails sent on Nov. 1 and 5. The messages attempted to infect computers with the Sykipot trojan, a piece of malware that opens a backdoor on target machines.

The emails, which contained subject lines related to a 2012 contract guide, instructed recipients to open an attached file to view a new guide containing an updated policy for awarding contractors, Stephen Doherty, security response engineer at Symantec, said in a blog post Wednesday. Symantec posted a screen shot of the message, but blurred the name of the target company. 

Independent security researcher Brandon Dixon also discovered a malicious PDF attempting to exploit the flaw. The rigged file was disguised as an employee satisfaction survey for employees of the defense contractor ManTech. 

The bug affects Adobe Reader and Acrobat X (10.1.1) and earlier 10.x versions for Windows and Mac, as well as Adobe Reader and Acrobat 9.4.6, and earlier 9.x versions for Windows, Mac and UNIX. 

Adobe expects to fix the issue sometime next week in Reader and Acrobat version 9. However, because the bug is mitigated by the Protected View functionality, the company plans to wait until Jan. 10 to patch Reader and Acrobat X, its most current version. Jan. 10 is the scheduled date of Adobe's next quarterly security update.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.