Active Exploit of Adobe Vulnerability

January 4, 2010

Back in December, I posted a note about a newly discovered critical vulnerability (CVE-2009-4324) in all current versions of Adobe Reader and Adobe Acrobat. At that time, Adobe had issued a security advisory and indicated that a fix would not be available until the middle of this month (January 2010).

Now the SANS Internet Storm Center has published a diary entry saying that this vulnerability is being actively exploited via targeted attacks (that is, attacks directed at specific organizations or individuals) using maliciously crafted PDF documents.  The diary entry includes a technical analysis of the attack, which is quite sophisticated.  At present, the malicious code is not detected by anti-virus software, with very few exceptions.

So far, I have been unable to find any updated response from Adobe.  My earlier post contains information on mitigating the threat; the easiest first step is to disable JavaScript in Reader and Acrobat.  And, as always, be extremely suspicious of any E-mail attachments that you are not expecting.

