Adobe to fix critical security hole in Acrobat, Reader software this week

Hackers could gain control of user's computer, penetrate enterprise's network

Adobe (Nasdaq: ADBE) expects to have fixes this week for "critical" security holes in its Acrobat and Reader software that could allow an attacker to gain control of a victim's computer and penetrate an enterprise's network.

The holes are being exploited in targeted attacks intended to trick Windows users into opening infected PDF files attached to emails.

Attackers would be able to bypass Adobe's sandbox technology, which is supposed to quarantine malware and prevent it from accessing a victim's computer. McAfee security researcher Xiao Chen wrote in a blog that the exploit is fully "weaponized" and that it is the first to escape the sandbox technology.

"After succeeding, the exploit code exits the hijacked process and creates new processes to render a normal PDF file. The exploitation happens in a split second; thus the victim who opens that original malicious PDF file will not observe any abnormal behavior," Chen explained.

Adobe said enterprise administrators can protect Windows users by enabling Protected View in the registry and propagating it throughout the company.
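The registry change Adobe describes can be scripted for a fleet. The following is an added example, not code from the article, Adobe, FireEye or McAfee; it assumes Adobe Reader XI (version key "11.0") and Adobe's documented FeatureLockDown policy value iProtectedView (0 = off, 1 = files from potentially unsafe locations, 2 = all files). Values under FeatureLockDown are policies, so Reader enforces them and greys out the corresponding preference, which is what "propagating it throughout the company" amounts to when the key is delivered by Group Policy Preferences.

```powershell
# Added example, not from the article or from Adobe.
# Assumptions: Adobe Reader XI (version key "11.0") and the documented
# FeatureLockDown policy value iProtectedView (0 = off, 1 = files from
# potentially unsafe locations, 2 = all files). Run from an elevated prompt;
# in production push the same value with Group Policy rather than by hand.

function Set-ReaderProtectedView {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        [string]$ReaderVersion = '11.0',        # assumption: Reader XI
        [ValidateSet(1, 2)][int]$Mode = 2       # 2 = Protected View for every file
    )
    $key = "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\$ReaderVersion\FeatureLockDown"

    # The Policies branch normally does not exist until an administrator creates it.
    if (-not (Test-Path $key)) {
        if ($PSCmdlet.ShouldProcess($key, 'Create FeatureLockDown key')) {
            New-Item -Path $key -Force | Out-Null
        }
    }
    if ($PSCmdlet.ShouldProcess($key, "Set iProtectedView = $Mode")) {
        # A value under FeatureLockDown is a policy: Reader honours it and locks
        # the matching preference so users cannot switch Protected View off.
        New-ItemProperty -Path $key -Name 'iProtectedView' -PropertyType DWord `
            -Value $Mode -Force | Out-Null
    }
}

function Test-ReaderProtectedView {
    param([string]$ReaderVersion = '11.0')      # assumption: Reader XI
    $key = "HKLM:\SOFTWARE\Policies\Adobe\Acrobat Reader\$ReaderVersion\FeatureLockDown"
    $current = (Get-ItemProperty -Path $key -Name 'iProtectedView' `
        -ErrorAction SilentlyContinue).iProtectedView
    [pscustomobject]@{
        ComputerName   = $env:COMPUTERNAME
        Key            = $key
        iProtectedView = $current
        # Fleet baseline chosen here: Protected View for all files, not only untrusted ones.
        Compliant      = ($current -eq 2)
    }
}

# Usage: preview the registry writes, apply them, then report compliance.
Set-ReaderProtectedView -WhatIf
Set-ReaderProtectedView
Test-ReaderProtectedView | Format-List
```

Test-ReaderProtectedView returns an object rather than printing, so it can be run over many hosts with Invoke-Command and the results filtered on Compliant to find machines where the policy never arrived or was overwritten.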

Security firm FireEye said it identified the security holes in Acrobat and Reader and informed Adobe of the issue.

"Upon successful exploitation, [the malware] will drop two DLLs [dynamic link libraries]. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain," FireEye researchers explained in a blog.

FireEye said it would not reveal further technical details while the two firms work together for a fix.

Earlier this month, Adobe plugged a "critical" security hole in Flash Player that could also enable an attacker to gain control of the victim's computer. The malware exploiting this hole is delivered as a Word document attached to an email.

Enterprise administrators and users running Adobe software should be particularly wary of emails with suspicious attachments that could contain malware. Downloading this malware could open up the user's computer and the enterprise's network to manipulation by attackers.

For more:
- see Adobe's Acrobat and Reader security advisory
- check out Adobe's Flash Player security advisory
- read Chen's blog
- see the FireEye blog
