Stephen Withers
Wednesday, 16 December 2009 00:26
Exploits for a new 0-day vulnerability in Adobe Acrobat and Reader have been detected in the wild. Time to disable JavaScript?
Various security bodies and vendors are reporting that they have observed one or more examples of malicious PDF documents designed to install malware when they are opened, using a recently discovered vulnerability in Adobe Acrobat and Reader.
Versions 8 and 9 of Acrobat and Reader are said to be vulnerable, and version 7 may also be affected by the issue.
The vulnerability is reportedly in the programs' code for processing JavaScript, and some organisations are recommending that JavaScript should be disabled as a mitigation against these attacks.
Adobe has acknowledged the reports, and in a brief statement said it is "currently investigating this issue and assessing the risk to our customers."
It seems that the exploit was initially used in targeted attacks, but this may change now the cat is out of the bag.
While an exploit is not detected by most security software, it makes sense for attackers to limit its use to specific, high-value targets and thus stay largely under the radar. Mass distribution is more likely to be detected by spam filters, leading to analysis of the content.
Although disabling JavaScript in Acrobat and Reader will reportedly block the attacks, it is always a good idea to be suspicious of files attached to emails from unknown senders, or unexpected or out-of-character attachments from people you do know.
Security vendors are adding detection for specific exploit files, and various elements of the attacks may be caught by generic detections.
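
Because the flaw is reported to be in JavaScript processing, a mail gateway or analyst can triage attachments by checking whether a PDF carries script at all. The following is an added example, not code from the article or from any vendor it mentions: a generic marker scan that decodes `#xx` name escapes and inflates Flate streams, run over constructed PDF fragments (all function and sample names are assumptions).

```python
import re
import zlib

# Name tokens worth flagging: script actions and automatic triggers.
MARKERS = (b"/JavaScript", b"/JS", b"/OpenAction", b"/AA")
HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")  # /J#61vaScript == /JavaScript
STREAM = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)


def decode_names(data: bytes) -> bytes:
    """Undo #xx escapes so obfuscated names compare equal to plain ones."""
    return HEX_ESCAPE.sub(lambda m: bytes([int(m.group(1), 16)]), data)


def scan_pdf(data: bytes) -> dict:
    """Count marker names in the raw file and in Flate-compressed streams."""
    bodies = [data]
    for match in STREAM.finditer(data):
        try:
            bodies.append(zlib.decompressobj().decompress(match.group(1)))
        except zlib.error:
            pass  # not Flate data (or encrypted); raw bytes are still scanned
    counts = {name.decode(): 0 for name in MARKERS}
    for body in bodies:
        text = decode_names(body)
        for name in MARKERS:
            # Lookahead stops /JS from matching inside a longer name.
            counts[name.decode()] += len(
                re.findall(re.escape(name) + rb"(?![A-Za-z0-9])", text))
    return counts


def has_javascript(data: bytes) -> bool:
    counts = scan_pdf(data)
    return counts["/JavaScript"] > 0 or counts["/JS"] > 0


# Constructed fragments (not real malware; the script body is inert).
ACTION = b"<< /S /J#61vaScript /JS (var x = 1;) >>"
BENIGN = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n%%EOF\n"
OBFUSCATED = (b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /OpenAction 3 0 R >>\n"
              b"endobj\n3 0 obj\n" + ACTION + b"\nendobj\n%%EOF\n")
COMPRESSED = (b"%PDF-1.5\n4 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\n"
              b"stream\n" + zlib.compress(ACTION) + b"\nendstream\nendobj\n%%EOF\n")

if __name__ == "__main__":
    for label, sample in (("benign", BENIGN), ("obfuscated", OBFUSCATED),
                          ("compressed", COMPRESSED)):
        print(label, has_javascript(sample), scan_pdf(sample))
```

A hit only means the file carries script or an automatic action, which many legitimate forms also do, so treat it as a reason for closer inspection rather than a verdict. Encrypted documents and other stream filters are outside what this scan can see.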