McAfee said it has found a vulnerability in Adobe Systems’ Reader program that reveals when and where a PDF document is opened.
The issue is not a serious problem and does not allow for remote code execution, wrote McAfee’s Haifei Li in a blog post. But McAfee does consider it a security problem and has notified Adobe. It affects every version of Adobe Reader, including the latest version, 11.0.2, Li wrote.
McAfee recently detected some “unusual” PDF samples, Li wrote. McAfee withheld some key details of the vulnerability, but did generally describe it.
The issue occurs when someone launches a link to another file path, which calls on a JavaScript API (application programming interface). Reader warns a user when they are going to call on a resource from another place, such as a link on the Internet.
Since the start of the year, hackers have been exploiting vulnerabilities in Java to carry out a string of attacks against companies including Microsoft, Apple, Facebook and Twitter, as well as home users. Oracle has made an effort to respond faster to the threats and to strengthen its Java software, but security experts say the attacks are unlikely to let up any time soon.
Just this week, security researchers said the hackers behind the recently uncovered MiniDuke cyberespionage campaign used Web-based exploits for Java and Internet Explorer 8, along with an Adobe Reader exploit, to compromise their targets. Last month, the MiniDuke malware infected 59 computers belonging to government organizations, research institutes, think tanks and private companies from 23 countries.
The Java exploit used by MiniDuke targeted a vulnerability that hadn’t been patched by Oracle at the time of the attacks, Kaspersky Lab said in a blog post. Vulnerabilities that are made public or exploited before a patch is released are known as zero-day vulnerabilities, several of which have been used in the attacks against Java this year.
In February, software engineers from Microsoft, Apple, Facebook and Twitter had their work laptops infected with malware after visiting a community website for iOS developers that had been rigged with a Java zero-day exploit. The breaches were the result of a larger “watering hole” attack launched from multiple websites that also affected government agencies and companies in other industries, The Security Ledger reported.
Adobe Flash, Adobe Reader, and Oracle’s Java. All three are virtually ubiquitous on modern-day PCs, and all three provide handy-dandy functionality—functionality that, in the case of Flash and Java, can’t be directly reproduced by a third-party solution. If we lived in a vacuum, it would be hard to argue that the trio doesn’t deserve its spot on computers around the globe.
We don’t live in a vacuum, though.
Here in the real world, widespread adoption of the software makes all three irresistible targets for hackers and malware peddlers. The attacks reached a fever pitch in the early months of 2013, with a flood of reports about Flash, Reader, and Java exploits. Threedifferentarticles about Java exploits hit PCWorld’s homepage this past Monday and Tuesday alone, and Adobe issued three critical Flash updates in February.
But don’t yank out that ethernet cable or wrap your desk in a Faraday cage just yet. You don’t have to use Java, Flash, and Reader just because everyone else does. I spent more than a week without Reader, Java, Flash, and their respective browser plug-ins to see if it’s possible to live without the software and not suffer massive migraines.
Setting up a new PC can be a daunting task. Getting it out of the box and plugged in is the easy part. The challenge comes from tracking down all those little patches, utilities, and other minor software that you accumulated through the years on your old PC. Free utility DDownloads (free) helps you out by giving you easy access to hundreds of popular applications, tools, and utilities, directly from official sources.
The Home screen gives you quick access to all the main features.
It is tempting to compare DDownloads to Ninite, an online service that streamlines the installation of nearly 100 apps. What sets DDownloads apart is that has a larger selection of software (500 vs Ninite’s 94), and it gives you far more control over the installation because, by default, it does not automate app installation. This can be especially important if your PC has an SSD drive, in which case you may prefer to install applications somewhere other than the default location.
The application opens to a home screen that gives you quick access to basic features, such as the various software categories, and advanced features such as silent installation and batch installation. The Windows Starter Kit provides you with a list of links for very common apps and utilities such as Adobe Flash, Adobe Reader, Microsoft .NET and Silverlight, Oracle Java runtimes, and so on.
When browsing the application databases, clicking the name of an application will show the URL for the download page in the bottom-right corner. Some applications do not allow direct links to the download, so instead DDownloads sends the URL to your Web browser, and your browser will then download the file. If you are the suspicious type, you can right-click the application name and select “Copy Download Link to Clipboard” and manually paste it into your Web browser. If the link is dead, you can use the handy “Copy App Name to Clipboard” function to try to track the app down the old-fashioned way.
Adobe released emergency patches for Adobe Reader and Acrobat 11, 10 and 9 on Wednesday that address two critical vulnerabilities being actively exploited by attackers.
The exploit was discovered by researchers from security firm FireEye in active attacks last Tuesday and was confirmed by Adobe one day later. It’s particularly dangerous because it bypasses the sandbox anti-exploitation mechanism in Adobe Reader 10 and 11.
“Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux,” the company said Wednesday in a security advisory. “These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.”
As soon as possible, users should update their Adobe Reader and Acrobat installations to the new versions released Wednesday. These are Adobe Reader and Acrobat 11.0.02, 10.1.6, and 9.5.4.
Adobe Systems said it will release patches for two critical vulnerabilities disclosed last week that are actively being used by attackers.
The company said on Saturday the patches will be released sometime this week. Both vulnerabilities can be exploited if a user can be tricked into opening a malicious PDF, which is usually sent to targeted victims by email.
The latest vulnerabilities were discovered by security vendor FireEye, which said it supplied its findings to Adobe. An analysis by Kaspersky Lab of the exploit using the vulnerabilities found that it bypasses the “sandbox” built into Adobe Reader, which is a technology designed to contain attempts to install malicious software.
Kaspersky said the exploit had a level of sophistication seen in cyberespionage campaigns. The malicious software delivered to infected computers can record keystrokes as well as steal passwords and information about a computer’s configuration.
A recently found exploit that bypasses the sandbox anti-exploitation protection in Adobe Reader 10 and 11 is highly sophisticated and is probably part of an important cyberespionage operation, the head of the malware analysis team at antivirus vendor Kaspersky Lab said.
The exploit was discovered Tuesday by researchers from security firm FireEye, who said that it was being used in active attacks. Adobe confirmed that the exploit works against the latest versions of Adobe Reader and Acrobat, including 10 and 11, which have a sandbox protection mechanism.
“Adobe is aware of reports that these vulnerabilities are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message,” the company said in a security advisory published Wednesday.
Adobe is working on a patch, but in the meantime users of Adobe Reader 11 are advised to enable the Protected View mode by choosing the “Files from potentially unsafe locations” option under the Edit > Preferences > Security (Enhanced) menu.
Another day, another critical security exploit discovered for Adobe Reader. Ho-hum. The PDF software’s near-ubiquitous presence has made it a big, fat, juicy target for years now, and by this point, you shouldn’t be asking what Adobe’s going to do to shore up its perpetually leaky program. Instead, you should ask yourself: Why are you still using Adobe Reader at all?
Believe it or not, the PDF viewer scene is bristling with a number of alternatives that receive far less nefarious attention than Adobe’s software. Switching away from Reader won’t only free you from the tiresome exploit-update-exploit-update-exploit treadmill, it could very well free up some of your valuable system resources. Adobe Reader‘s so big and bloated that even its most feature-packed competitors seem downright svelte in comparison.
Without further ado, here’s a trio of PCWorld tested—and approved!—PDF readers that can free you from Reader’s headaches, no matter whether you’re looking for a simple, lightweight PDF viewer or a more robust PDF editing and creation tool.
The contenders
Sumatra PDF. If you just want the ability to open PDFs and don’t care about bells and whistles, Sumatra PDF is an excellent choice. The program’s pretty much limited to straightforward PDF viewing, but it’s lightning-fast and uses very few system resources.
Researchers from security firm FireEye claim that attackers are actively using a remote code execution exploit that works against the latest versions of Adobe Reader 9, 10 and 11.
“Today, we identified that a PDF zero-day [vulnerability] is being exploited in the wild, and we observed successful exploitation on the latest Adobe PDF Reader 9.5.3, 10.1.5, and 11.0.1,” the FireEye researchers said late Tuesday in a blog post.
The exploit drops and loads two DLL files on the system. One file displays a bogus error message and opens a PDF document that’s used as a decoy, the FireEye researchers said.
Remote code execution exploits regularly cause the targeted programs to crash. In this context, the fake error message and second document are most likely used to trick users into believing that the crash was the result of a simple malfunction and the program recovered successfully.
A new exploit kit called Whitehole has emerged on the underground market, providing cybercriminals with one more tool to infect computers with malware over the Web, security researchers from antivirus vendor Trend Micro reported Wednesday.
Exploit kits are malicious Web-based applications designed to install malware on computers by exploiting vulnerabilities in outdated browser plug-ins like Java, Adobe Reader or Flash Player.
Attacks that use such toolkits are called drive-by downloads and they don’t require any user interaction, making them one of the most efficient ways to distribute malware. Users generally get redirected to drive-by download attack pages when visiting compromised websites.
Whitehole uses similar code to Blackhole, one of the most popular exploit toolkits used today, but does have some particular differences, the Trend Micro security researchers said in a blog post.
Foxit Reader, a PDF viewer application often used as an alternative to the more popular Adobe Reader, contains a critical vulnerability in its browser plug-in component that can be exploited by attackers to execute arbitrary code on computers.
Details about the vulnerability and how it can be exploited were publicly disclosed last week by Andrea Micalizzi, an independent security researcher from Italy.
No official patch is yet available, according to an advisory from vulnerability intelligence and management company Secunia. The security firm rated the flaw as highly critical because it can be exploited remotely to gain system access.
Foxit’s developers have identified the cause of the vulnerability and are working on creating a patch, a Foxit sales and service representative said Friday via email. The patch is expected to be released within one week, she said.
A built-in PDF viewer component based on JavaScript and HTML5 Web technologies has been added to the beta version of Firefox 19, Mozilla said Friday.
The browser maker described the built-in PDF viewer as more secure and safer than proprietary PDF viewing plug-ins, like those installed by Adobe Reader or Foxit Reader. However, several security experts noted that it probably won’t be free of vulnerabilities.
“For a number of years there have been several plugins for viewing PDFs within Firefox,” Mozilla Engineering Manager Bill Walker and Mozilla Software Engineer Brendan Dahl said Friday in a blog post. “Many of these plugins come with proprietary closed source code that could potentially expose users to security vulnerabilities. PDF viewing plugins also come with extra code to do many things that Firefox already does well with no proprietary code, such as drawing images and text.”
The built-in PDF viewer currently being tested stems from a Mozilla Labs project called PDF.js. “The PDF.js project clearly shows that HTML5 and JavaScript are now powerful enough to create applications that could previously have only been created as native applications,” the Mozilla software engineers said. “Not only do most PDFs load and render quickly, they run securely and have an interface that feels at home in the browser.”
Foxit Reader, a PDF viewer application often used as an alternative to the more popular Adobe Reader, contains a critical vulnerability in its browser plug-in component that can be exploited by attackers to execute arbitrary code on computers. Source: FULL ARTICLE at Computerworld Latest
Foxit Reader, a PDF viewer application often used as an alternative to the more popular Adobe Reader, contains a critical vulnerability in its browser plug-in component that can be exploited by attackers to execute arbitrary code on computers. Source: FULL ARTICLE at Computerworld Latest
Today is the second Tuesday of January—which makes it the first Patch Tuesday of 2013. Adobe is addressing a few critical vulnerabilities in its software as well this Patch Tuesday.
Adobe issued two Security Bulletins. The first, APSB13-01, is for Adobe Flash. The bulletin states that versions of Adobe Flash Player for Windows, Mac OS X, Linux, and Android are all impacted by a vulnerability that could cause a system crash, or allow an attacker to execute malicious code remotely.
APSB13-02deals with flaws in Adobe Acrobat and Adobe Reader. According to the bulletin, Adobe Acrobat and Reader 11.0.0 and earlier versions on Windows and Mac OS X, and Adobe Reader 9.x versions for Linux are at risk. Like the Flash security bulletin, this one states that the vulnerabilities could lead to a system crash or allow an attacker to take control of the affected system.
