Wednesday, February 25, 2009

Adobe Reader/Acrobat JBIG2 Indexing Zero Day Vulnerability.

I hope you are aware of the 0-day vulnerability currently being actively exploited in Adobe Reader/Acrobat. I initially heard rumours about this 0-day vulnerability on 16th February 2009. Three days later, Adobe confirmed the existence of the 0-day vulnerability and Secunia issued an advisory. Over the last couple of days, I have seen many sources recommend users to disable support for JavaScript in Adobe Reader/Acrobat to prevent exploitation. While this does prevent many of the currently seen exploits from successfully executing arbitrary code (as they rely on JavaScript), it seems that it does not protect against the actual vulnerability. Secunia managed to create a reliable, fully working exploit which does not use JavaScript and can therefore successfully compromise users, who may think they are safe because JavaScript support has been disabled.
Bottomline: All users of Adobe Reader/Acrobat should therefore show extreme caution when deciding which PDF files to open regardless of whether they have disabled JavaScript support or not. I hope that Adobe will be issuing patches very soon.
To be continued ...