Researchers from the respected malware research firm FireEye today reported a zero-day flaw that is actively being exploited in the wild. They reportedly observed successful exploitation of the latest Adobe PDF Reader 9.5.3, 10.1.5, and 11.0.1. It is assumed that earlier versions are also vulnerable though this has not been confirmed.
In the words of FireEye, “Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.”
The exploit has been reported to the Adobe security team. Until it can be confirmed and mitigated, it is recommended that you refrain from opening unknown PDF files. Since this might also be exploitable via drive-by attacks, Thom Infotech further recommends that users disable the Adobe PDF plugin from their web browsers.
- In Google Chrome, merely type “about:plugins” in the address bar and you’ll be presented with a list. Click “Disable” on the Adobe Reader plugin that appears in the list (assuming you have Adobe PDF reader installed).
- In Firefox, go to Addons > Plugins and click Disable on the entry for Adobe Acrobat.
- In Internet Explorer, go to Internet Options > Programs tab > Manage add-ons button and highlight the “Adobe PDF Link Helper”. Click the “Disable” button on the lower-right corner of the window.
