New Adobe Reader X Zero Day Said to Bypass Sandbox

If you deal with a large number of PDFs, be sure that you’re not opening any sent from an unknown or untrusted source.

Brian Krebs of KrebsonSecurity.com warns that Group-IB, a computer security company based in Russia, claims to have discovered a new zero-day vulnerability in Adobe Reader X and XI that completely bypasses its built-in sandbox protection.

As if that news alone weren’t bad enough, Group-IB says that the vulnerability is up for sale in the criminal underground for $50,000 and has been added to a new, custom version of the infamous BlackHole Exploit Kit.

Frequent readers will recognize the BlackHole Exploit Kit name, as it is widely used by cybercriminals and is often the driving force behind the majority of drive-by-download attacks that we post warnings about.

The only limitations associated with this new zero day are that it cannot be fully executed until the user closes their web browser or Reader window, and that the attack has only been seen working against Windows.

Speaking of seeing things, Group-IB created a video demonstrating a “sanitized” version of the attack.

As for Adobe’s take on this, SCMagazine reports that the Adobe PSIRT (Product Security Incident Response Team) is communicating with Group-IB to determine whether or not this is in fact a vulnerability and a sandbox bypass.

In the meantime, users should avoid downloading (and opening) random PDF files and maybe take a gander at the other PDF readers Krebs suggests, like Foxit, PDF-Xchange Viewer, Nitro PDF, and Sumatra PDF. Disabling the PDF reader browser plug-in won’t eliminate all threats, since trojanized PDFs that are downloaded and opened will still result in a successful attack.

© 2014 Hyphenet, Inc.