McAfee's advanced exploit detection system (AEDS) uncovered the threat on Friday, and it relates to an unpatched security flaw contained in every version of Adobe Reader, including the latest 'sandboxed' Reader XI (11.0.2).
McAfee declined to reveal the details of the vulnerability as Adobe is yet to release a patch for it. The vendor said that it has already detected a number of groups and people exploiting it, potentially for malicious purposes.
"We have detected some PDF samples in the wild that are exploiting this issue. Our investigation shows that the samples were made and delivered by an 'email tracking service' provider. We don't know whether the issue has been abused for illegal or APT attacks," wrote McAfee's Haifei Li.
"Some people might leverage this issue just out of curiosity to know who has opened their PDF documents, but others won't stop there. An APT attack usually consists of several sophisticated steps. The first step is often collecting information from the victim; this issue opens the door. Malicious senders could exploit this vulnerability to collect sensitive information such as IP address, internet service provider, or even the victim's computing routine."
Despite the flaw's potential application, McAfee confirmed that it has made Adobe aware of the issue and that the company is working on a patch. At the time of publishing, Adobe had not responded to V3's request for comment on when the patch will be released.
The zero-day vulnerability is one of many affecting popular platforms that have been discovered in recent weeks. Many of the vulnerabilities have related to Oracle's Java platform. The number of attacks led Finnish security firm F-Secure to list Java as the victim of choice for criminals.