Zero-day Adobe Reader Exploit Being Sold in the Black Market
By on November 8th, 2012

Adobe Reader is notorious for having security flaws and these flaws are always exploited eventually. By now, you might have lost count of the number of times exploits have been discovered for Adobe’s PDF reader. However, what is interesting this time is that this unknown security flaw has made its way to the black-market and is selling at a considerably high price. This is not a hacker group trying to get some adrenaline flowing from hacking Adobe Reader. This qualifies for organized crime, and Adobe has no clue of what it can do to curb this problem.

adobe-reader-security-flaw

The research on this exploit has been carried out by Group-IB. Group-IB is based off Moscow, and is the country’s leading computer security-company. A spokesperson for Adobe, Wiebke Lips, says,

Adobe will reach out to Group-IB. But without additional details, there is nothing we can do, unfortunately— beyond continuing to monitor the threat landscape and working with our partners in the security community, as always.

Adobe was not contacted by Group-IB over this exploit and the exploit is rumored to sell in the black market at $50,000. This is a significant blow for Adobe, as it introduced a sandbox for Reader X. The sandbox was supposed to hold ground against unknown exploit. However, if this exploit really is working, the sandbox has obviously failed and has provided a false sense of security until now.

The exploit works on Microsoft Windows, and starts only after the user closes his web-browser or Reader application. For now, it would be safer to switch to an alternative to Adobe Reader.

Tags:
Author: Chinmoy Kanjilal Google Profile for Chinmoy Kanjilal
Chinmoy Kanjilal is a FOSS enthusiast and evangelist. He is passionate about Android. Security exploits turn him on and he loves to tinker with computer networks. He rants occasionally at Techarraz.com. You can connect with him on Twitter @ckandroid.

Chinmoy Kanjilal has written and can be contacted at chinmoy@techie-buzz.com.
 
Copyright 2006-2012 Techie Buzz. All Rights Reserved. Our content may not be reproduced on other websites. Content Delivery by MaxCDN