On December 6, Adobe announced that a zero-day vulnerability in all supported versions of Adobe Acrobat and Reader is being exploited in the wild. No patch is currently available. Apparently, Lockheed Martin reported the issue, indicating this may have been used in an attack on the defense technology company. Targeted attacks were reported in the first week of November, so this one has been active for a while.
The vulnerability is being exploited in the wild through PDF attachments to e-mails containing what Symantec is calling “Pidief”, listed as a family of Trojans that drop or download additional malware onto a compromised computer. Once a system is initially compromised, the malware reportedly drops “Sykipot”, which provides a backdoor into the system for remote control.
Adobe expects to release a patch for Reader and Acrobat 9 by the week of December 12, and will update Reader/Acrobat X as part of its regular quarterly patch cycle on January 10th, 2012. In the meantime, Adobe recommends using the protected mode or sandbox capabilities of Reader and Acrobat X to protect users.
- Exercise extreme caution when handling PDF files. Any PDF email attachments should be treated suspiciously. Email attachments are a common vector for targeted attacks with this kind of vulnerability.
- Instruct users to use extreme caution when opening PDF files from unknown or untrusted sources, especially email attachments.
- Upgrade to Adobe Reader X and Adobe Acrobat X, which provide a built-in sandbox enabled by default.
- Apply the patch from Adobe as soon as it becomes available.