Adobe Zero Day - How To Protect Yourselves?

A couple of hours ago, we wrote a detailed blog on Adobe's Zero-Day malware, found by Fireeye and investigated by Sophos Lab. The malware consisted of an exploit to hack Adobe Reader and Adobe Acrobat softwares. The recent upgrades of the two softwares have found to be insufficient in providing security to the PC running them. The exploits remain unlatched (as for now) and the user vulnerable.

Adobe is doing its part and has begun by issuing a formal bulletin offering its users advice on the matter:


Adobe has identified critical vulnerabilities (CVE-2013-0640, CVE-2013-0641) in Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier) and 9.5.3 and earlier for Windows and Macintosh. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.
Adobe is aware of reports that these vulnerabilities are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message.
Adobe is in the process of working on a fix for these issues and will update this advisory when a date for the fix has been determined.

Assess If You Are Being Attacked


If you are being attacked by the exploit, you may not realise it for a while. It's not an obvious attack as is the case with many malwares that are found today. The exploit basically takes over Readers using it to inject malware into your PC and reloads Reader with a clean PDF that doesn't look suspicious at all and does not function in an unexpected way. The user is therefore, at ease at what he sees on his PC not doubting it for a second.

Brace Yourself


Windows and Mac users are susceptible to such an exploit. It affects Reader and Acrobat, versions 9, X (10) and XI (11).

Windows users can defend themselves by first upgrading to version XI. Make sure that you do not opt to download the optional software (in this case, Google Chrome and Chrome toolbar) along with the update.

To protect yourself from the attack switch Protected View on:


In addition to a dependable anti-virus software and a firewall along with enforced Protected View, you are less prone to be affected by this malware.

For Mac Users


Mac users do not have a "Protected View" option. However, you can use the built-in Preview application as the default PDF viewer and avoid using Adobe. You can still load and use Reader but on your own terms. By doing so, you wont be as susceptible to the attack as you would be when its running in the background without your knowledge.


In The End


Be careful with what you receive in your emails. Do not open attachments that you receive in your emails unless they are from a trusted sender.

Cheers!

About the Author:
This article is written by Dr.Sindhia Javed Junejo. She is one of the core members of RHA team.