The newest zero-day exploit of the Adobe Reader and Adobe Acrobat programs, recently observed for the first time, sidesteps two land mines put there by Microsoft for the Windows operating system. I won’t go into the technical details but the security measures are related to the programs use of memory. Whether or not you fully understand this paragraph, this is what needs to be understood: the techniques used in this new exploit have been labeled as “scary”, “clever” and “impressive”. Not the kind of modifiers you want to hear when the subject at hand is exploits.
This exploit has been observed circulating in the wild, attached to e-mails touting renowned golf coach and author David Leadbetter with subject: “David Leadbetter’s One Point Lesson”. In addition to that it comes with a “valid” digital signature (to ascertain authenticity and legitimacy) stolen, of course. So heads up.
Mitigating Actions and Patches
Adobe warned Reader and Acrobat users last week of the vulnerability, but it has not said when it would patch the bug. Nor has it offered any advice about how to stymie attacks.
Disabling JavaScript in Reader and Acrobat would block the current exploit but might not protect people against future attacks. To disable JavaScript in Adobe Reader or Acrobat on Windows, select Preferences from the Edit menu, choose “JavaScript,” then uncheck the “Enable Acrobat JavaScript” option.
And of course security awareness and good habits when it comes to handle emails and surfing the web always help mitigate the propagation of these threats.