Hackers Exploit Newly Discovered Adobe Acrobat Zero-Day Vulnerability Since December

Attackers Have Been Exploiting Unpatched Adobe Reader Flaw Since December

Cybersecurity researchers have uncovered evidence of a highly sophisticated attack campaign exploiting a previously unknown vulnerability in Adobe Reader.

According to Haifei Li, the founder of the sandbox-based exploit-detection platform EXPMON: “The attacks, which began at least four months ago, involve the use of maliciously crafted PDF documents to steal sensitive information from compromised systems.”

The Vulnerability Details

The vulnerability, which affects the latest version of Adobe Reader, allows attackers to collect and steal local data without requiring any user interaction. Additionally, the exploit enables the threat actor to launch subsequent remote code execution (RCE) and sandbox escape (SBX) attacks, potentially leading to full control of the victim’s system.

Security Measures Taken So Far

  • Security researcher Haifei Li has notified Adobe about his findings.
  • Limited measures to mitigate the attacks include monitoring and blocking HTTP/HTTPS traffic containing the “Adobe Synchronizer” string in the User-Agent header.
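
The User-Agent check described above can be run retrospectively over web proxy logs. The sketch below is an added example, not code from the researcher or from Adobe; the Combined Log Format layout, the sample lines, and the function names `find_hits` and `summarize` are assumptions.

```python
import re
from collections import Counter
from urllib.parse import urlsplit

UA_MARKER = "adobe synchronizer"  # string from the article, compared in lowercase

# Assumed layout (Combined Log Format style proxy log):
# client ident user [time] "METHOD url PROTO" status bytes "referer" "user-agent"
LINE_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"[^"]*" "(?P<ua>[^"]*)"$'
)

# Constructed sample lines; addresses, hosts and UA versions are made up.
SAMPLE_LOG = """\
10.0.0.12 - - [01/Jan/2025:09:14:02 +0000] "GET http://updates.example.com/check HTTP/1.1" 200 512 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
10.0.0.37 - - [01/Jan/2025:09:15:40 +0000] "POST http://collect.example.net/u HTTP/1.1" 200 87 "-" "Mozilla/3.0 (compatible; Adobe Synchronizer 1.0)"
10.0.0.37 - - [01/Jan/2025:09:15:44 +0000] "GET http://collect.example.net/n HTTP/1.1" 200 2048 "-" "Mozilla/3.0 (compatible; ADOBE SYNCHRONIZER 1.0)"
this line is malformed and must be skipped
"""

def find_hits(lines):
    """Return parsed records whose User-Agent contains the marker string."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line.strip())
        if m is None:  # malformed or truncated line: skip instead of crashing
            continue
        if UA_MARKER in m["ua"].lower():
            rec = m.groupdict()
            # Fall back to the raw URL field when no hostname can be parsed.
            rec["host"] = urlsplit(rec["url"]).hostname or rec["url"]
            hits.append(rec)
    return hits

def summarize(hits):
    """Count hits per (internal client, destination host) pair for triage."""
    return Counter((h["client"], h["host"]) for h in hits)

if __name__ == "__main__":
    report = summarize(find_hits(SAMPLE_LOG.splitlines()))
    for (client, host), n in report.most_common():
        print(f"{client} -> {host}: {n} request(s) with Adobe Synchronizer UA")
```

For HTTPS traffic the User-Agent header is only visible where the proxy terminates or inspects TLS, so coverage depends on where the logs are collected.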

The security community remains on high alert because this unpatched zero-day allows broad information harvesting and potentially subsequent RCE/SBX exploitation. Users should exercise caution when handling PDF files from untrusted sources.


