
New Adobe 0day vulnerabilities exploited by hackers

FireEye found PDFs that exploit an unpatched vulnerability in Adobe Reader and Acrobat. Adobe PDF Reader and Acrobat XI (11.0.1), as well as earlier versions, were at risk. During the investigation of the 0day incident, two vulnerabilities, CVE-2013-0640 and CVE-2013-0641, were discovered. An attacker can use them to execute arbitrary code. The Adobe Security Bulletin is available here.



Adobe has not yet released the corresponding fix, but users of the latest product versions (XI, 11) can protect themselves from compromise by using the special PDF viewing mode "Protected View", which is part of sandbox mode. Unfortunately, this mode is disabled by default. Detailed information about sandbox mode is available here.

Using the latest version of Adobe Reader with the Protected View option enabled for all PDF files will protect you from this kind of attack. To enable it, go to Edit -> Preferences -> Security (Enhanced).

Users of our products are protected from this exploit and the malicious PDF. We have added detection for it as JS/Exploit.Pdfka.QCV. The corresponding database update has already been released.


It is known that during exploitation the malicious PDF installs a DLL in the OS.

We recommend our users:

• Do not open suspicious PDFs or PDFs received from untrusted sources.
• Be careful and do not open suspicious attachments in messages; attackers often use social engineering methods.
• Watch for updates to Adobe PDF Reader.
• Update your OS regularly.

Also use Microsoft EMET (Enhanced Mitigation Experience Toolkit) for your OS. The exploit code for Adobe Reader uses ROP to bypass ASLR. EMET can block exploits of this kind at the stage of their execution. EMET v.3.5 can be downloaded here.


Be secure.

Source: https://habr.com/ru/post/169411/

