• Posted Nov. 23, 2012, 12:24 p.m. - 11 years, 11 months ago

Adobe Security Sandbox Security Broken with No Fix in Sight

There is an exploit named “0day” that has been recently discovered by a group in Kazakhstan.  This exploit allows a specially crafted PDF file to run a program on the target computer.

 

Adobe Reader uses a sandbox security environment when opening PDF files.  This sandbox does not allow any scripts or additions to the PDF to access any area outside of the sandbox.  This should protect the computer.

Group IB claims to have developed an exploit which will allow a PDF to break out of the sandbox and execute any program it desires.  You can see that this threat could allow anyone to gain control over your computer with the proper exploit.

Adobe usually fixes such vulnerabilities quite quickly, but there is a problem with this particular 0day exploit.  Kris Kaspersky, of the security company called Group IB, has been unwilling so far to share the details of the exploit with Adobe.  Kris only reveals that “the vulnerability lies in a use-after-free bug when the sandbox process communicates with the reader broker process”

Adobe has been trying to work with Group IB since early November.  Who knows why Group IB is stalling.  Maybe they are trying to get some money from Adobe.

So what can you do to protect yourself?  You will have to use a PDF reader that is not vulnerable to the 0day exploit.

Infix is not vulnerable to this exploit, so we recommend using this program.  So stop using the Adobe Reader for opening other people’s PDF files until they provide a fix.