funsec mailing list archives

Re: Adobe 0-day in the wild


From: "John LaCour" <john () johnlacour com>
Date: Sat, 21 Feb 2009 12:06:09 -0500

And there's very little information about how to mitigate the attack without
a patch.

By disabling JavaScript in the Reader, you can prevent the known attacks.
The actual vuln isn't in Acrobat JavaScript - that's just leveraged for heap
spraying.

I've put together a simple batch file that disables JavaScript in Reader.

See http://www.phishlabs.com/blog/archives/122 for details.

-John

-----Original Message-----
From: funsec-bounces () linuxbox org [mailto:funsec-bounces () linuxbox org] On
Behalf Of Juha-Matti Laurio
Sent: Friday, February 20, 2009 8:38 AM
To: funsec () linuxbox org
Subject: [funsec] Adobe 0-day in the wild

In case you are not aware of the Acrobat/Adobe Reader 0-day there is more
information at
http://www.adobe.com/support/security/advisories/apsa09-01.html

"Adobe is planning to release updates to Adobe Reader and Acrobat to resolve
the relevant security issue.
Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9
by March 11th, 2009."

But users of 8.x and older versions have to wait.

There is a backdoor Trojan exploiting the issue in the wild.

Note: All platforms are reportedly affected.

Juha-Matti
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
