| Home : February 14 2013 Computer News : Adobe confirms zero-day exploit bypasses Adobe Reader sandbox |
|
Adobe confirms zero-day exploit bypasses Adobe Reader sandbox |
February 14, 2013
A recently found exploit that bypasses the sandbox anti-exploitation protection in Adobe Reader 10 and 11 is highly sophisticated and is probably part of an important cyberespionage operation, the head of the malware analysis team at antivirus vendor Kaspersky Lab said.
The exploit was discovered Tuesday by researchers from security firm FireEye, who said that it was being used in active attacks. Adobe confirmed that the exploit works against the latest versions of Adobe Reader and Acrobat, including 10 and 11, which have a sandbox protection mechanism.
"Adobe is aware of reports that these vulnerabilities are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message," the company said in a security advisory published Wednesday.
Adobe is working on a patch, but in the meantime users of Adobe Reader 11 are advised to enable the Protected View mode by choosing the "Files from potentially unsafe locations" option under the Edit > Preferences > Security (Enhanced) menu.
To read this article in full or to leave a comment, please click here
Link: http://www.pcworld.com/article/2028163/adobe-confirms-zeroday-exploit-bypasses-adobe-reader-sandbox.html
|
|
|
|
|
