Non-fans of the PDF file format now have one more reason to harbor negative feelings towards it. Hackers have found another way to exploit a vulnerability on a rather large scale, and it's supposed to be five more days before Adobe puts a fix in place.
Jessa De La Torre, a threat response engineer at Trend Micro, explained the latest danger in a blog post, writing, "The sample (detected by Trend Micro as TROJ_PIDIEF.WIA) uses the heap spray technique to execute shellcode in its stream. As a result, a malicious file detected as BKDR_POISON.UC is dropped into the system."
De La Torre then continued, "When executed, BKDR_POISON.UC opens an instance of Internet Explorer and connects to a remote site, cecon.{BLOCKED}-show.org. Once connected, a malicious user may execute any command on the affected system."
And Adobe has announced that it won't provide a patch until Tuesday, January 12th.
Of course, standard be-careful-what-you-click-on practices will go a long way toward keeping people safe from this threat.
Individuals can do something else to protect themselves while Adobe readies its solution, too: users of Adobe Reader or Acrobat have the option of either utilizing the JavaScript Blacklist Framework, or manually disabling JavaScript if that seems easier.
In one other positive, semi-related story, Adobe is working on a new update utility designed to automatically apply patches.
Maybe PDF's critics will find a little less to get upset about in the future, then.
www.SecurityProNews.com