[b]Adobe Reader zero-day attack – now with stolen certificate[/b]
Roel
Kaspersky Lab Expert
Posted September 08, 23:45 GMT
Today Adobe put out an advisory for a previously unknown zero-day in its PDF Reader/Acrobat software. This vulnerability is actively being exploited in the wild.
The exploit is pretty basic. What’s interesting about it is that it makes use of Return Oriented Programming to bypass the ASLR and DEP mitigation technologies in Windows Vista and 7.
More widespread usage of ROP for exploits is something I’ve been expecting for a while. Why? Because Windows 7 is gaining more and more traction in both the consumer and corporate space.
Thanks for the posting.
So for us who don’t know much about these issues, should we just not use Adobe Reader till they issue an update to resolve this vulnerability, or should we just uninstall the whole program till it is secure?
Thanks!
PS: I use OpenOffice 3.2. Is this a substitute for Adobe Reader? Do I really need Adobe Reader?
As anjana asks, should we/I delete Adobe Reader 9.3.4? And, it is mentioned that it is 41MB, mine is 210MB? on Programs and Features. The answer to the question was “why would you use” question again, “should I delete” and choose, say, Foxit Reader? Thanks so much, from a person who does not know anything about these issues.
Given that the reported vulnerability is rated critical by Adobe, and is reported to be actively exploited in the wild, in my opinion the only options are to either (1) not open any PDF files that you cannot trust - that is, know for sure they are not infected, or (2) uninstall Adobe Reader and use another. (I use Nitro, and am happy with it.)
Number (1) (don’t open any untrusted files) is the only workaround offered at this stage. Therefore, if it were me, I’d remove it and use another for this reason alone. (I removed it and installed another long before now, for performance reasons.)
If you don’t have reason to open any PDFs, and you want to keep Adobe, you might choose to wait and see if a solution is forthcoming.
Thanks YoKenny, Pondus, and Tarq57 for your advice and info. Seeing this, I don’t really see a reason to keep Adobe Reader.
Thanks for the alternative options to it…
Thanks Tarq57, for a straight answer to the question. Adobe Reader has been uninstalled. And now I will help my dad uninstall it on his computer. Thanks to all, but I was just needing a simple answer.
It is such a huge target that you have to really make sure that you have the very latest updated version, and even then they have been very slow to patch vulnerabilities when they are discovered. So for me, I gave up on it many years ago as a) it is very bloated for what it is, a PDF reader (see image for what I mean about bloat), and b) it is such a target.
Your version, if it is just 9.0, is out of date and vulnerable.
Hello, thanks for the reply! I like 9.0 because it doesn’t update on me and I don’t use it; it is just a program that has never been used on my OS. But I’ve seen how many MBs it uses and it seems to take a lot of memory, and also Avast has a User Guide thing in PDF, why not XPS?
Adobe make a few different software products, including Photoshop and the Flash Player. If it is the latest Flash Player version (check it here) it should be good.
At least until the next Flash Player vulnerability is found.
Exploits are found in this software, and Java platforms…all sorts of software, in fact, from time to time. A good reason to check everything is up to date, regularly.
Liking a version which has vulnerabilities which are being exploited, and sticking with it just because it doesn’t update on you, is crazy. The fact that you say you have never used it doesn’t mean it can’t be exploited, because the infrastructure is in place for just that (it’s installed and probably running in the background when not needed).
Because it doesn’t update on you is hardly a reassurance that you should keep that version.
There are plenty of alternatives to Adobe PDF reader that a) aren’t bloated, b) if you like you can set not to check for updates (but you must) and c) aren’t such a huge target and not as vulnerable.
So for something that you purport not to use, I can’t understand why you have it installed at all, making a smaller alternate PDF reader an even better proposition, and they can also read the Avast user guide; mine does.
YoKenny mentioned coolPDFreader above and if you ever use it, you will hate Adobe Reader. CoolPDFreader is a very small program and far, far quicker than the antiquated AR.