Network News

X My Profile
View More Activity

Attackers Target New Adobe Flash/Reader Flaw

Adobe Systems Inc. said Tuesday it is investigating reports that attackers are exploiting a previously unknown security hole in its Acrobat, Flash and PDF Reader applications.

Adobe's security advisory says the security weakness appears to affect Adobe Reader and Acrobat 9.1.2, as well as Adobe Flash Player 9 and 10.That's about the extent of the information provided by Adobe at this point.

Meanwhile, Symantec says it has seen several instances of this vulnerability being exploited in targeted attacks -- such as those in which the attackers include a poisoned attachment in an e-mail that addresses the recipient by name.

Marc Fossi, manager of development at Symantec, said the attacks the company has seen so far involve booby-trapped PDF files that take advantage of Adobe Flash functions built into Reader. Fossi said none of the attacks so far have used stand-alone Flash, such as a malicious Flash movie embedded in a Web site.

"I don't want people super panicking about this, but the potential is there that this vulnerability could be exploited through Web sites," Fossi said.

Firefox users can block Flash from rendering automatically using add-ons like Noscript, Request Policy, and Adblock Plus. I find Adobe Reader to be slow, and prefer the free Foxit Reader, which I'd recommend over Adobe's PDF reader any day. There are, however, other free PDF reader alternatives as well, including Sumatra PDF and PDF-XChange Viewer.

Update, 5:48 p.m. ET: Computer security firm Purewire writes in to say they have seen Web sites exploiting this vulnerability using poisoned Flash movies. According to them, not a single anti-virus product is detecting the malicious Flash file as harmful.

Purewire says it appears this exploit has been around since at least July 9, but that Adobe has known about the bug since at least December 2008.

Meanwhile, the SANS Internet Storm Center is reporting that the usual technique for mitigating the threat to Adobe Reader 0day attacks -- turning off Javascript -- won't help in this attack.

Update, July 23, 5:11 p.m.: Adobe has released a more detailed bulletin about this flaw indicates that it is indeed a Flash vulnerability, and that Reader and Acrobat are vulnerable also because they bundle Flash capability. Adobe says it expects to ship an update for Flash Player v. 9 and v.10 on Windows, Mac and Linux systems on July 30, and an update for Windows, Mac and Linux versions of Adobe Reader and Acrobat v. 9.1.2 the following day.

For anyone hankering for a geekier view of how this exploit and vulnerability works, check out FireEye's writeup here.

By Brian Krebs  |  July 22, 2009; 4:56 PM ET
Categories:  Latest Warnings , Safety Tips  | Tags: 0day, adobe acrobat reader  
Save & Share:  Send E-mail   Facebook   Twitter   Digg   Yahoo Buzz   StumbleUpon   Technorati   Google Buzz   Previous: Microsoft Scrambling to Close Stubborn Security Hole
Next: Service Offers to Retrieve Stolen Data, For a Fee


Brian, can I take it to mean that these problems haven't beeen seen with the Foxit Reader, or the other alternatives you mention ?...


Posted by: mhenriday | July 22, 2009 6:14 PM | Report abuse

that's correct. that's not to say they don't exist in those. I just don't have any info to that effect one way or the other.

Posted by: BTKrebs | July 22, 2009 6:30 PM | Report abuse

It sounds like this is at it's heart a Flash vulnerability and not a PDF vulnerability, and it's the Flash support of Adobe reader that is triggering the problem. I use Foxit, I've never viewed any Flash within it, but I have no idea if Flash support is there. I would assume, given how lean and small it is, that there isn't any. Any flash-averse PDF reader will probably be fine.

Posted by: conspirator5 | July 22, 2009 11:14 PM | Report abuse

I prefer to use foxit as well but some websites won't render pdf unless adobe is installed (adp secure site that displays paychecks, for example). Is there a way to bypass that, so I can uninstalled Adobe pdf reader (bloated and constantly downloads updates and extraneous items)?

Posted by: naud | July 23, 2009 12:50 AM | Report abuse

Another satisfied Foxit user here.

How concerned should I be that many Flash videos warn me that Flash is about to place information on my computer? Some time ago I changed some parm setting to enable that warning.

Posted by: Bartolo1 | July 23, 2009 8:04 AM | Report abuse

naud, you may be able to change your web browser's default app for .pdf files. In Firefox look for Tools, Options, Applications. In IE, try Tools, Internet Options, Programs, Set Programs. This may still not work for you, however, because the web-based business application may have running Adobe Reader or Acrobat written into its code, not just opening a .pdf document. I've also found several fillable forms that don't work in alternative .pdf viewers.

Posted by: annanemas | July 23, 2009 8:11 AM | Report abuse

What I don't understand is that you essentially say "you like" Foxit. You've given no indication that they are less vulnerable to various attacks or that they have fewer existing vulnerabilities or that they are good about patching promptly. Isn't it just "sexy" to write about Adobe's problems and then prove how "with it" you are by pushing an alternative product with no clarity on it's security issues?

Posted by: bmuller | July 23, 2009 10:13 AM | Report abuse

I don't know if Foxit Reader or any of the other non-Adobe alternatives could be exploited in a similar manner to this latest Flash vulnerability. However, I do know that security software from my company as well as other vendors can prevent Foxit or other 'guarded' software applications from harming a PC after ingesting malicious content such as a poisoned PDF.

"Your Software Applications Cannot be Trusted"

Go to a reputable web portal and try these protections out because the signature-based tools cannot keep up with the threat.

Posted by: eiverson1 | July 23, 2009 10:26 AM | Report abuse

Bmuller- I have listed several different alternatives to Adobe Reader that in all likelihood are not vulnerable to this attack. I am sorry if I don't have all of the answers you're looking for right now. But you know many people think Adobe is the only option, just like many people think the little blue and white "e" on their desktop is the Internet.

Posted by: BTKrebs | July 23, 2009 10:27 AM | Report abuse

Posted by: josh15 | July 23, 2009 1:11 PM | Report abuse

...Watching for the next shoe to drop on what other application can be used to exploit the Adobe Flash vulnerability

What a busy summer!

Posted by: eiverson1 | July 23, 2009 1:42 PM | Report abuse

In the reader's edit/preferences settings, you can set Flash permissions to NEVER in multimedia legacy and multimedia trust categories. I believe doing so will prevent a malicious Flash subroutine from starting up in a .pdf file.

Posted by: Apostrophe | July 23, 2009 7:56 PM | Report abuse

After scanning my system with Secunia PSI (v, it identified several apps and components of Adobe CS4 as being at risk due to Flash plug-ins.

Adobe AIR Flash 10.x Plug-in
Adobe AIR Flash 9.x Plug-in
Bridge CS4 Flash 9.x Plug-in
Contribute CS4 Flash 10.x Plug-in
Device Central CS4 Flash 9.x Opera Plug-in
Dreamweaver CS4 Flash 10.x Plug-in
Extension Manager CS4 Flash 9.x Plug-in

I am concerned about the scope of CVE-2009-1862 as it relates to the results of the Secunia scan regarding CS4. I have had no response to the query I submitted to Adobe's PSIRT and their security advisory is sparse on details.

Posted by: Hoku1 | July 24, 2009 4:38 PM | Report abuse

The PDF format has become very popular now a days. Adobe Reader is the preferred software for viewing PDF files but i don’t like viewing my files in Adobe Reader. First of all, it is very slow and takes a lot of time in opening the files, and the latest version of Adobe Reader uses a lot of system resource while running. Though it has got some nice features, there are some very good alternatives available which are not only fast, but they are also lightweight. For me, Foxit PDF Reader is the best alternative.

Posted by: nethawk888 | July 30, 2009 11:11 AM | Report abuse

The comments to this entry are closed.

RSS Feed
Subscribe to The Post

© 2010 The Washington Post Company