Zero-day Adobe vulnerability targeted defense contractor
- By 1105 Media Staff
- Dec 08, 2011
Adobe is warning of a zero-day vulnerability in Adobe Reader on Windows that could lead to attackers hijacking a system, and that apparently has been used against defense contractor Lockheed Martin and others.
The "critical" issue, called "U3D memory corruption vulnerability" by Adobe, could cause a system to crash and also allow unrestricted access by hackers. The exploit is carried out via a hole in the compression file format called universal 3-D. While other companies, including Hewlett-Packard and Intel, use the universal 3-D file format, there has been no word of this particular vulnerability popping up in non-Adobe software.
Adobe warned that the "vulnerability is being actively exploited in the wild in limited, targeted attacks against Adobe Reader 9.x on Windows." The targets have included Lockheed Martin and Mitre, which manages many U.S. research centers, and other organizations.
Adobe credited Lockheed and the Defense Security Information Exchange (DSIE) with reporting the vulnerability. The apparent choice of targets has given rise to speculation that the exploit is being used to target defense contractors, ThreatPost reported.
Lockheed was the target of a failed attack earlier this year that was carried out using security token information stolen from RSA Security. RSA in March reported the breach, which gathered information on its SecurID authentication tokens, and later said it came from a nation-state. An additional report said the attack originated in China.
A patch is currently being worked on to fix the vulnerability found in Adobe Reader 9.x versions, and it should be released no later than Dec. 12, according to a security advisory issued Dec. 6. Fixing both Adobe Reader X and Acrobat X is considered to be a lower priority task for Adobe compared with fixing earlier versions of Reader.
"Because Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X and Acrobat X for Windows with the next quarterly security update for Adobe Reader and Acrobat, currently scheduled for Jan. 10, 2012," wrote Wendy Poland, member of the Adobe Product Security Incident Response Team, in a blog post.
Macintosh and Unix systems are also at less risk of being exploited through this vulnerability, so a fix for them will also wait until the next quarterly update.
In the meantime, Brad Arkin, senior director of product security and privacy for Adobe, says that to be 100 percent sure your system is safe, update your older versions of Reader and Acrobat to X.
"We put a tremendous amount of work into securing Adobe Reader and Acrobat X, and, to date, there has not been a single piece of malware identified that is effective against a version X install," Arkin wrote in a blog post. "Help us help you by running the latest version of the software!"