JMH
Emeritus, Contributor
- Apr 2, 2012
- 7,197
Adobe investigates PDF Reader zero-day vulnerability reports
- Thread starter JMH
- Start date
JMH
Emeritus, Contributor
- Apr 2, 2012
- 7,197
Don't open that PDF: There's an Adobe Reader zero-day on the loose.
Don't open that PDF: There's an Adobe Reader zero-day on the loose | ZDNet
Critical Security Advisory for Adobe Reader and Acrobat (APSA13-02)
Adobe has now released Security Advisory (APSA13-02) related to critical security vulnerabilities in Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier) and 9.5.3 and earlier for Windows and Macintosh. The vulnerabilities are being exploited in the wild.
In order to minimize vulnerability it is recommended Windows users of Adobe Reader and Acrobat ensure that Protected View is enabled. Unfortunately, neither the Protected Mode or Protected View option is available for Macintosh users.
To enable this setting, do the following:
Adobe has now released Security Advisory (APSA13-02) related to critical security vulnerabilities in Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier) and 9.5.3 and earlier for Windows and Macintosh. The vulnerabilities are being exploited in the wild.
In order to minimize vulnerability it is recommended Windows users of Adobe Reader and Acrobat ensure that Protected View is enabled. Unfortunately, neither the Protected Mode or Protected View option is available for Macintosh users.
To enable this setting, do the following:
- Click Edit > Preferences > Security (Enhanced) menu.
- Change the "Off" setting to "All Files".
- Ensure the "Enable Enhanced Security" box is checked.
AceInfinity
Emeritus, Contributor
Good information Corrine, I have yet to learn more about the PDF file format, the only trouble is that it changes with nearly every release of Adobe's Acrobat reader. So not only do you have a new program to learn about, but a new fileformat as well, modified from the previous file specification of the portable document format. From my quick understanding it seems to use hashes, whether MD5 is constant or not, I found an entry of 2 hashes in one PDF file I had:
*Really the same hash over 2 values within brackets, not sure what the significance is of this:
These are 32bits in length though so it looks like an MD5 to me, perhaps newer file specifications adopted something like SHA256...? All I know is, unlike most file formats I know of, this seems to be a custom packed file, using the LZW compression algorithm.
I've got lots to learn about this though.
*Really the same hash over 2 values within brackets, not sure what the significance is of this:
Code:
[<1575E5712C8FD6A387DF540E0AB20D0D> <1575E5712C8FD6A387DF540E0AB20D0D>]These are 32bits in length though so it looks like an MD5 to me, perhaps newer file specifications adopted something like SHA256...? All I know is, unlike most file formats I know of, this seems to be a custom packed file, using the LZW compression algorithm.
I've got lots to learn about this though.
It may be a custom packed file, Ace, but it certainly doesn't seem to bother the malware writers finding vulnerabilities!
Adobe announced plans for an update for some time this week: Schedule update to Security Advisory for Adobe Reader and Acrobat (APSA13-02):
Adobe announced plans for an update for some time this week: Schedule update to Security Advisory for Adobe Reader and Acrobat (APSA13-02):
AceInfinity
Emeritus, Contributor
Nope, it's a standard PDF file format, version 1.5 from what I'm seeing in the header. As far as I know, the latest version is 1.7 for the PDF specification?
Has Sysnative Forums helped you? Please consider donating to help us support the site!