Researchers at FireEye have sent samples of a newly uncovered vulnerability affecting the latest Adobe PDF Reader versions 9.5.3, 10.1.5, and 11.0.1 to Adobe's security team. In an official blog post, the researchers state that they have found, in the wild, a zero-day vulnerability affecting Adobe PDF Reader. On successful exploitation, two DLLs are dropped. The first DLL reportedly shows a fake error message and opens a 'decoy' PDF document. “The second DLL in turn drops the callback component, which talks to a remote domain,” the report adds.
Until a fix is issued, users have been advised not to open any unknown PDF files. In an update to the post, FireEye adds, “In response to the many requests we’ve received for more detailed information, we would like to let our readers know that we have been working with Adobe and have jointly agreed to refrain from posting the technical details of the zero-day at this time. This post was intended to serve as a warning to the general public. We will update this post with more information at a later time.”
New security loophole discovered
Only last week, Adobe released a security patch for a critical vulnerability that could allow an attacker to take control of the entire system. The security updates have been released for Flash Player for Windows, Macintosh, Linux, and Android. Adobe states that the vulnerability is quite serious and advises users to update Flash as soon as possible.
The fixes come in the wake of reports of a vulnerability, CVE-2013-0633, being exploited. The exploit is designed to trick users into opening a Microsoft Word document that's delivered as an email attachment and contains malicious Flash (SWF) content. The exploit for the CVE-2013-0633 vulnerability targets the ActiveX version of Flash Player on Windows.
Another vulnerability, CVE-2013-0634, is being exploited in the wild. Attacks exploiting the vulnerability are being pushed through malicious Flash (SWF) content hosted on websites that target Flash Player in Firefox or Safari on Macintosh. There have also been exploits designed to trick Windows users into opening a Microsoft Word document delivered as an email attachment which contains malicious Flash (SWF) content.
Adobe has urged users to update their installations to the latest versions:
- Users of Adobe Flash Player 11.5.502.146 and earlier versions for Windows and Macintosh should update to Adobe Flash Player 11.5.502.149.
- Users of Adobe Flash Player 184.108.40.2061 and earlier versions for Linux should update to Adobe Flash Player 220.127.116.112.
- Flash Player installed with Google Chrome will automatically be updated to the latest Google Chrome version, which will include Adobe Flash Player 18.104.22.168 for Windows, Macintosh and Linux.
- Flash Player installed with Internet Explorer 10 for Windows 8 will automatically be updated to the latest version of Internet Explorer 10, which will include Adobe Flash Player 11.3.379.14 for Windows.
- Users of Adobe Flash Player 22.214.171.124 and earlier versions on Android 4.x devices should update to Adobe Flash Player 126.96.36.199.
- Users of Adobe Flash Player 188.8.131.52 and earlier versions for Android 3.x and earlier versions should update to Flash Player 184.108.40.206.