Qualys Blog

www.qualys.com
wkandek

Update: Adobe Reader 0-day Vulnerability

Yesterday Adobe’s PSIRT acknowledged a flaw in Adobe Reader in the handling of PDF documents that is being exploited in the wild. The flaw affects Adobe Reader under Windows, MAC OS X and Linux/Unix.Symantec identifies the attack as Trojan-Pidief.H.

The ISC’s handler on duty Pedro Bueno posted additional information.

Stay tuned for more information about potential workarounds – some have suggested turning off JavaScript in Adobe Reader which we think is a best practice anyway, but we do not know whether this is helpful for this attack.

Update: according to the advisory turning off Javascript is the recommended workaround, and enabling DEP in newer version of Windows provides further protection.

Leave a Reply