Zero-day PDF Attack Goes After Flash Flaw

Adobe's unfortunate security problems continue: Symantec today reported that it has discovered a new attack in the wild using malicious PDFs that target a zero-day security hole in Adobe Flash.

Symantec says it has only found a limited number of attacks for the time being. The new risk "is not something we should be sowing widespread panic over," says Marc Fossi, manager of development with Symantec, "but it is another reason to remain cautious."

The attacks seen so far use a poisoned PDF that, when opened, will install malware on a victim PC. But according to Fossi, crooks may be able to target the underlying Flash flaw using code on a Web page, allowing for a drive-by-download that targets a zero-day flaw, arguably the most dangerous type of Internet attack.

"What we've seen suggests that it could be targeted from a [Web] page," Fossi says. Such attacks have thankfully not yet been seen, and so far PDFs are the only attack vector against this new flaw.

Symantec says it is in touch with Adobe's PSIRT team, which late last night put up a post saying it "is aware of a potential vulnerability in Adobe Reader and Acrobat 9.1.2 and Adobe Flash Player 9 and 10," but without any further details.

Symantec's post on the discovery provides much more detail on the nature of the attack, but the company doesn't yet know of any workaround or temporary fix to protect against this new flaw. One option may be to use an alternate PDF reader such as Foxit until an Adobe patch is available, but doing so wouldn't protect against a Web-based attack if the bad guys make that jump. Sending all PDF downloads or attachments to Virustotal.com could also improve your chances of detecting a potential attack.
