Adobe ‘Protected Mode’ PDF Reader 0-day fix due ‘this week’

Adobe says it will release a patch this week for two previously unseen vulnerabilities that allowed hackers to bypass its ‘Protected Mode’ sandboxing security in Reader and Acrobat X and XI.

The patch for the latest zero-day exploit targeting Adobe software will arrive “during the week of February 18, 2013”, according to a weekend update by Adobe, which has not said precisely when.

Adobe confirmed last week that hackers were exploiting Adobe Reader via malicious PDFs sent to targets as emailed attachments. The flaws affect all current versions of Reader and Acrobat on all desktop platforms.

The patch will fix two vulnerabilities that allowed hackers to bypass “Protected Mode”, a default sandboxing feature of Reader X and XI for Windows that Adobe introduced in 2010. The feature was designed to prevent malware from being installed by running all PDF display processes in a confined environment.

Adobe’s suggested mitigation for recently discovered malicious PDFs that exploited the zero-day flaws was to enable Protected View on Windows installations -- a highly restrictive setting that puts Acrobat into a “read-only” mode and assumes all PDFs are malicious until the user authorises it to move out of that mode.

Similar features were later added to Reader. However, unlike Protected Mode for the two products, Protected View was not on by default, as part of Adobe's effort to strike a balance between usability and security, it explains in a developer document.

The PDF exploits that were recently discovered by security firm FireEye were able to bypass Protected Mode sandboxing and beat memory-exploitation prevention measures in Reader and Acrobat.

The fixes due will apply to: Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux.
