And there's very little information about how to mitigate the attack without
a patch.

By disabling JavaScript in the Reader, you can prevent the known attacks.
The actual vuln isn't in Acrobat JavaScript - that's just leveraged for heap
spraying.

I've put together a simple batch file that disables JavaScript in Reader.

See http://www.phishlabs.com/blog/archives/122 for details.

-John

-----Original Message-----
From: [email protected] [mailto:[email protected]] On
Behalf Of Juha-Matti Laurio
Sent: Friday, February 20, 2009 8:38 AM
To: [email protected]
Subject: [funsec] Adobe 0-day in the wild

In case you are not aware of the Acrobat/Adobe Reader 0-day there is more
information at
http://www.adobe.com/support/security/advisories/apsa09-01.html

"Adobe is planning to release updates to Adobe Reader and Acrobat to resolve
the relevant security issue.
Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9
by March 11th, 2009."

But users of 8.x and older versions have to wait.

There is a backdoor Trojan exploiting the issue in the wild.

Note: All platforms are reportedly affected.

Juha-Matti
_______________________________________________
Fun and Misc security discussion for OT posts.
https://linuxbox.org/cgi-bin/mailman/listinfo/funsec
Note: funsec is a public and open mailing list.
