Critical 0-day Adobe Acrobat, Reader flaw exploited in the wild
Adobe has released a security advisory warning users about a newly discovered 0-day vulnerability that is already being exploited in the wild.
The flaw affects all current versions of Adobe Reader for Windows, Macintosh and UNIX, and of Adobe Acrobat for Windows and Macintosh. “This vulnerability (CVE-2010-2883) could cause a crash and potentially allow an attacker to take control of the affected system. Adobe is aware of public exploit code for this vulnerability,” the company says in the advisory.
The company is still evaluating when a security update to resolve the flaw will be pushed out, and they haven’t provided any mitigating instructions so far.
In the meantime, vendors of security solutions have begun detecting malware that exploits the vulnerability. Trend Micro has detected a Trojan that arrives as an attachment to spam email messages, which drops a downloader into the system. This downloader leads to another one, which is downloaded – along with other malware – from various (currently unavailable) URLs.
A quick search for the registration information for those URLs revealed that the registrant is located in Hong Kong, but the servers that host the site are located in the U.S. and in Germany.
Another interesting fact is that the malicious file is digitally signed with a valid certificate of a legitimate American credit union.
Adobe is urging users to keep their anti-malware solutions up-to-date in order to protect themselves until a patch is issued.