Image via WikipediaAdobe PDF Flaw Remains Unpatched - PCWorldThe exploit for a critical unpatched bug in Adobe Reader that's now circulating is "clever" and "impressive," security researchers said this week.
First uncovered last week by Washington-based researcher Mila Parkour, attackers are using rigged PDF documents that include code to exploit a zero-day vulnerability in the widely used Reader PDF viewer as well as in Acrobat, Adobe's PDF creation software.
The sophisticated exploit bypasses two important defenses that Microsoft erected to protect Windows, ASLR (address space layout randomization) and DEP (date execution prevention), researchers have confirmed.
"It's pretty clever," said Chet Wisniewski, a senior security adviser with software security firm Sophos. "It circumvents protections like ASLR and DEP. "Its techniques are certainly out of the ordinary and a lot more sophisticated than the garden variety [PDF] exploit."
No comments:
Post a Comment
Note: Only a member of this blog may post a comment.