Reports that a zero-day vulnerability in Adobe Acrobat and Adobe Reader is being exploited in the wild have been confirmed by Adobe in a blog post. Adobe is exploring the issue to determine how to patch it.
The issue reportedly impacts Adobe Reader, and Adobe Acrobat--versions 9.2 and earlier. The good news is that attacks thus far are narrowly-focused, targeted attacks rather than widespread efforts.
The Trojan horse exploits a flaw in the Adobe software to allow it to install additional malware components and further compromise the vulnerable computer. The additional malware could potentially be anything, but Symantec reports that the most prevalent malware associated with this threat right now is some type of information-stealing software.
The actual exploit relies on JavaScript. The Shadowserver Foundation and SANS Institute both recommend that you simply disable the execution of JavaScript within the Adobe software. In your Adobe product, go to Edit--Preferences--JavaScript, and uncheck the box next to Enable Adobe JavaScript.
Full Story
No comments:
Post a Comment