In-the-Wild Exploits of Unpatched PDF Bug

A week before Adobe is scheduled to patch a critical vulnerability in its popular PDF software, hackers are reportedly exploiting the bug in both targeted and large-scale attacks. The SANS Institute’s Internet Storm Center (ISC) reported Monday that they’d received samples of a PDF document that hijacked PCs using a bug Adobe acknowledged Dec. 14. In his write-up, ISC analyst Bojan Zdrnja called the attack “sophisticated” and its use of egg-hunt shellcode “sneaky.” Last month Adobe said it would not patch the bug until Jan. 12.

“Egg-hunt shellcode” is a term for a multi-stage payload used when the attacker can’t determine where in a process’ address space the code will end up.

Recommendations are to disable JavaScript in affected products. Scripts are available for the enterprise, and advice is available from Adobe for home users. My solution is to stop using Adobe, opting for one of the many freeware alternative PDF readers available. Adobe delivers security updates for Reader and Acrobat quarterly, on the same second Tuesday of the month that Microsoft has long used for its patch delivery schedule.