There’s a new PDF exploit active and in the wild just identified by Symantec’s Security Response team. I don’t have any additional magic insight or recommendations for this, but I wanted to help spread the word and provide some links to additional resources.
Quick Vulnerability Overview
- Process happens when a malicious PDF is downloaded and drops payload of malware locally on the computer.
- Vulnerability in Flash (which is embedded in browsers, PDF and other applications) and here is exploited by a malicious PDF file.
- Protection by updating your antivirus software and verifying they are protecting from this exploit.
- Malicious PDFs are detected as Trojan.Pidief.G and the dropped files as Trojan Horse.
- Operating systems current version exploits Windows XP and Vista (if UAC is not enabled).
- Any software that uses Flash is potentially vulnerable to this issue.
Symantec’s Recommendation Overview
We (Symantec) are in contact with the Adobe PSIRT team in relation to this issue. We urge our customers to ensure their antivirus definitions are up to date. Like the vulnerability Dowd discovered, it’s likely that we will see many attacks over the coming months that will attempt to exploit this vulnerability. As always, keep an eye out for the official patch from Adobe and ensure all products are up to date. As an extra safety measure, Vista users should avail of the UAC (User Account Control) feature as this will help mitigate a successful compromise.
Original Vulnerability info from Symantec
http://www.symantec.com/connect/blogs/next-generation-flash-vulnerability
More on why Flash exploits are important
http://www.matasano.com/log/1032/this-new-vulnerability-dowds-inhuman-flash-exploit/