Security experts have warned that an unpatched security flaw in the current versions of Adobe Reader and Acrobat is being exploited by hackers to install malicious software via infected PDF files, allowing them to steal victims' data remotely.
According to the security experts, hackers launch the attack by exploiting a buffer overflow vulnerability in Adobe Acrobat Reader 9 and multiple versions of 8 and 7, which lets them infiltrate and take complete control of an affected system. The malicious program is spread through infected PDF files, typically as part of a social engineering ploy that entices users to open the attachments. Once the infected file is opened, a backdoor Trojan, designed to record keystrokes and steal data, is activated. It transfers the stolen information to a remote server.
In its advisory warning issued on Thursday, Adobe stated that "its Reader and Acrobat software versions 9 and earlier contain a vulnerability that could allow attackers to take complete control over a system if the user were to open a poisoned PDF file". However, Adobe clarified that it has no plan to issue an update to fix the security flaw until March 11. The company stated that it is working with antivirus security companies, like McAfee and Symantec, to address the issue.
Security experts have advised users to disable the JavaScript function in Adobe Reader and Acrobat products until Adobe comes up with a patch to fix the flaw. Doing so will help prevent code execution but could still allow a system crash.
Symantec security experts have said that so far the attack is not widespread; it has infected fewer than 100 systems. The director of Symantec Security Response, Kevin Haley, said, "It's not a mad outbreak. Whoever is taking advantage of it now is doing targeted attacks. But it certainly is possible for someone else to expand its scope. That's the big fear."
Security experts from Shadowserver.org, a volunteer-led security group, hold the same opinion. They also noted that the flaw is being exploited in targeted attacks. In a blog post, Shadowserver volunteer Steven Adair wrote, "These types of attacks are frequently the most damaging and it is only a matter of time before this exploit ends up in every exploit pack on the Internet."












