When PDFs Attack II - New Adobe Acrobat Reader 0-Day On the Loose

http://www.shadowserver.org/wiki/pmwiki.php/Calendar/20091214

Greetings Everyone,

It has been a while since we have posted anything publicly, but we promise that we have been hard at work all this time. However, we come to you today with some bad news but hope to be of assistance. The Shadowserver Foundation has become aware of a new vulnerability affecting Adobe Acrobat that is currently unpatched. Several tests have confirmed this is a 0-day vulnerability affecting several versions of Adobe Acrobat to include the most recent versions of 8.x and 9.x. We have not tested on 7.x, but it may also be vulnerable.

snip

Exploit Details
We can tell you that this exploit is in the wild and is actively being used by attackers and has been in the wild since at least December 11, 2009. However, the number of attacks are limited and most likely targeted in nature. Expect the exploit to become more wide spread in the next few weeks and unfortunately potentially become fully public within the same timeframe. We are fully aware of all the details related to the exploit but do not plan to publish them for a few reasons:

snip

Antivirus detection should improve in the coming weeks and hopefully a patch. Right now only 5 out of the 41 different Antivirus vendors used by Virustotal are detecting this threat. Even then their detection appears to be generic and is not currently specifically detecting this exploit. The 5 vendors to detect the threat are:

(McAfee-GW-Edition)
(eSafe)
(NOD32)
(AntiVir)
(Kaspersky)
---------------------------------------

I unloaded this resource hogging, slow to load, vulnerable to exploits POS about 3 mos ago & installed Foxit Reader. :thumbsup:

http://www.adobe.com/support/security/advisories/apsa09-07.html

Release date: December 15, 2009
Last updated: December 15, 2009
Vulnerability identifier: APSA09-07

Summary
Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Adobe recommends customers follow the mitigation guidance below until a patch is available.

Adobe plans to make available an update to Adobe Reader and Acrobat by January 12, 2010 to resolve the issue.
more at link
-----------------------------

More (free) PDF readers available here: http://pdfreaders.org/

I wonder if that's what this was about. I have Acrobat Reader installed.

I doubt this is any concern to me and my linux mint installed used to be xp machine

Have I mentioned how much I like linux yet today? Well I do

that Adobe just notified me in systray was ready for update? Sorry, I am in a dash, and looking for a quick answer if anyone has it. Thanks!

January 14, 2010, 02:58 PM —

Some things are the same no matter what operating system you run. Mac, Windows, or Linux user chances are you use Adobe Reader to read PDF (Portable Document Files) and Adobe Acrobat to create them. So it is that, no matter what you're running on your PC, you need to update your copies of Reader and Acrobat ... I'm raising a little Cain about it because major attacks on Google and Adobe are already happening because of these now fixed security holes. These attacks aren't coming from J. Random Hacker, they're coming, according to Google, from the Chinese government.If you don't want your computer to be part of state-sponsored espionage, you need to fix it now before you run across a malware-infected PDF ...

http://www.itworld.com/security/92714/update-your-adobe-software-now

thank you

It can embed it in a pdf document you send on to someone with a Windows machine.
I'd rather not become a "Typhoid Mary"