Adobe Reader under attack from multimedia PDFs

Adobe's Acrobat Reader is currently vulnerable to a malicious exploit that takes advantage of its embedded support for multimedia content via Adobe Flash Player.
According to Finjan, the vulnerability (CVE-2009-1862) can be exploited to download and execute malicious code on the victim's PC. Recent versions of Acrobat Reader have included the ability to render JavaScript and multimedia content, both of which open new avenues of attack for malicious coders.

JavaScript has often been the culprit in PDF exploits, but Kaspersky Lab describes the latest exploit in the wild as an SWF object (a Flash clip) that was inserted into a PDF file. By default, Acrobat Reader always allows PDFs to perform multimedia operations that call Adobe Flash, Windows Media Player and Windows' Built-In Player. Kaspersky found that this particular exploit in fact takes advantage of a vulnerability in Flash Player versions 9 and 10, rather than in Adobe Reader itself.

Identified on 22 July 2009, Kaspersky reports "PDF files with a marked Chinese connection appearing in the wild. One of these files was called 'Cao Chang-Ching The CPP made eight mistang Urumuqi incident_mm.pdf'. The events of the past few days in the Chinese town of Urumqi, where local residents clashed with police, made the news around the world, so it's no surprise to see this topic being used to spread malicious programs."

We all know we should keep our web browsers and operating system security patches up to date, but potential vulnerabilities in the plug-ins and software we use to view other web-distributed content are becoming more common. Adobe says that a patch to prevent this particular exploit will be available by 31 July. See the Adobe blog and security advisory for more details.

In the interim, we recommend following Kaspersky's advice to disable Flash in Acrobat Reader:

In Adobe Reader, go to Edit > Preferences Settings > Multimedia Trust > Permission for Adobe Flash Player, and choose "Never" or "Prompt".
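For triaging PDFs that arrive before the patch, the following added example (not code from Finjan, Kaspersky or Adobe) flags files whose streams begin with an SWF header, the pattern described above. It is a heuristic that inspects only raw and FlateDecode streams; the function names, the sample PDF and the SWF stub are constructed for illustration.

```python
import re
import zlib

# "stream" EOL <body> EOL "endstream" as laid out in a PDF file.
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\nendstream", re.DOTALL)
SWF_MAGIC = (b"FWS", b"CWS")  # uncompressed / zlib-compressed SWF signatures


def looks_like_swf(data: bytes) -> bool:
    """SWF signature followed by a plausible version byte."""
    return len(data) >= 8 and data[:3] in SWF_MAGIC and 1 <= data[3] <= 50


def find_embedded_swf(pdf_bytes: bytes) -> list:
    """Return (stream_index, swf_version, encoding) per stream that holds an SWF."""
    hits = []
    for idx, match in enumerate(STREAM_RE.finditer(pdf_bytes)):
        body = match.group(1)
        candidates = [("raw", body)]
        try:
            # decompressobj tolerates trailing or truncated data; only the header matters.
            candidates.append(("flate", zlib.decompressobj().decompress(body)))
        except zlib.error:
            pass  # not a FlateDecode stream
        for encoding, data in candidates:
            if looks_like_swf(data):
                hits.append((idx, data[3], encoding))
                break
    return hits


def build_sample(payloads: list) -> bytes:
    """Constructed test input: a skeletal PDF with one Flate stream per payload."""
    out = [b"%PDF-1.7\n"]
    for num, payload in enumerate(payloads, start=1):
        body = zlib.compress(payload)
        out.append(b"%d 0 obj\n<< /Length %d /Filter /FlateDecode >>\nstream\n" % (num, len(body)))
        out.append(body + b"\nendstream\nendobj\n")
    out.append(b"%%EOF\n")
    return b"".join(out)


# Constructed payloads: page text, and an SWF header stub (signature + version 9, no Flash content).
PAGE_TEXT = b"BT /F1 12 Tf (quarterly report) Tj ET"
SWF_STUB = b"CWS" + bytes([9]) + b"\x00" * 12

if __name__ == "__main__":
    for label, sample in (("clean", [PAGE_TEXT]), ("flash", [PAGE_TEXT, SWF_STUB])):
        print(label, find_embedded_swf(build_sample(sample)))
```

A hit means the file deserves closer inspection, not that it is malicious; a clean result does not rule out Flash content hidden behind other stream filters or object streams.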

Kat Orphanides