FireEye is warning users not to open PDF files sent from unknown/untrusted sources following the discovery of a a new zero-day vulnerability that’s actively being exploited in-the-wild.
The attack begins with a booby-trapped PDF – which may be masquerading as an application for an international travel visa -that drops 2 DLL files on the target machine should the exploit code be executed successfully.
“The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks “ FireEye researchers explain in a Tuesday blog post, “The second DLL in turn drops the callback component, which talks to a remote domain. ”
Zheng Bu, Senior Director of Security Research at FireEye told Threatpost that this exploit is the first to bypass the sandbox in Adobe Reader X and higher.
FireEye notified Adobe of the bug, and has agreed to avoid posting technical details of the zero-day until further notice. FireEye was able to successfully execute this attack in Adobe Reader 9.5.3, 10.1.5 and 11.0.1.
Adobe is currently investigating the bug and will release an update once they have more information.
Until then, be sure that you do not open PDF files from unknown or untrusted sources.
Update: Adobe has confirmed the vulnerabilities discovered by FireEye & promises to release a patch soon.