New Adobe PDF Zero-Day Under Attack 203
Rahmmp writes "Adobe has sounded an alarm for a new zero-day flaw in its PDF Reader/Acrobat software, warning that hackers are actively exploiting the vulnerability in-the-wild. An Adobe spokeswoman described the attacks as 'limited' but warned that that could change with the availability of public samples and exploit code."
Re:What is this stupidity??? (Score:5, Interesting)
They took a document programming language and stripped out all the programming features to make a document description format.
And then they added a programming language.
Re:What is this stupidity??? (Score:5, Interesting)
Let me add: They started from a programming language where security is *easy to implement*.
Evince, Okular, xpdf? (Score:3, Interesting)
So, are any of the viewers I use vulnerable?
Re:What is this stupidity??? (Score:3, Interesting)
Funny you should mention that one, the last non-scripting exploit for Adobe Acrobat Reader was also an exploit for Foxit Reader.
Rocket Scientists... (Score:1, Interesting)
Yup... just hit NASA like 5 minutes ago (sent to all-agency minus JPL). The best part is that you can see who clicked on the link, because they immediately sent out another message!
Here is the e-mail (don't download the PDF obviosuly!):
Hello,
This is The Document I told you about,you can find it Here.http://www.sharedocuments.com/library/PDF_Document21.025542010.pdf
Please check it and reply as soon as possible.
Cheers,
NOW ACTIVE IN THE WILD (Score:1, Interesting)
I can positively report this as an active threat. Our company just had someone click on an unknown link from a known sender in an email (yes users are dumb) and now they're infected. It has started sending emails to everyone in their contact list through outlook. I've received over 30 emails with a link to the infected document in less than 5 minutes.