Last week saw the addition of another chapter to the never-ending malware saga that is Adobe Reader. A clever exploit for a vulnerability was uncovered by researcher Mila Parkour and Reader as well as Acrobat currently remain unpatched. PC World reports that the expoit uses rigged PDF files that include code to exploit the zero-day flaw.
It has been called impressive and clever because it first gets around 2 Microsoft-created protections,
The sophisticated exploit bypasses two important defenses that Microsoft erected to protect Windows, ASLR (address space layout randomization) and DEP (date execution prevention), researchers have confirmed.
Second, the attack also boasts a valid digital signature by Vantage Credit Union. Verisign has revoked the signature to prevent further usage but the malware that’s already out there will still be carrying what looks like a valid signature. The attacks have been targeted to specific corporations and individuals but now that the word is out the hackers will probably expand its target range.
Adobe has not offered any word on how to avoid the attacks or when they will have a patch ready. They did warn users on Tuesday about the malware. To get infected the bad PDF needs to be viewed so it does require some interaction and disabling JavaScript will block the attack.
This is the latest attack to use digital signatures to fool defense systems, it bears a resemblance to the Stuxnet worm which was a problem for some companies over the summer. It wouldn’t be surprising if in the future more malware uses these sophisticated techniques with digital signatures since they have been effective.
Join 16,500
View the Original article
No comments:
Post a Comment