Adobe ‘Protected Mode’ PDF Reader 0-day fix due ‘this week’

Adobe says it will release a patch this week for two previously unseen vulnerabilities that allowed hackers to bypass its ‘Protected Mode’ sandboxing security in Reader and Acrobat X and XI.

The patch for the latest zero day exploit targeting Adobe software will arrive “during the week of February 18, 2013”, according to a weekend update by Adobe, however it has not said precisely when.

Adobe confirmed last week that hackers were exploiting Adobe Reader via malicious PDFs sent to targets as emailed attachments. The flaws affect all current versions of Reader and Acrobat on all desktop platforms.

The patch will fix two vulnerabilities that allowed hackers to bypass “Protected Mode”, a default sandboxing feature of Reader X and XI for Windows that Adobe introduced in 2010. The feature was designed to prevent malware from being installed by running all PDF display processes in a confined environment.

Adobe’s suggested mitigation for recently discovered malicious PDFs that exploited the zero-day flaws was to enable Protected View on Windows installations -- a highly restrictive mode that puts Acrobat it into a “read-only” mode and assumes all PDFs are malicious until the user authorises it to move out of that mode.

Similar features were later added to Reader, however unlike Protected Mode for the two products, Protected View was not on by default as part of Adobe's effort to strike a balance between usability and security, it explains in a developer document.

The PDF exploits that were recently discovered by security firm FireEye were able to bypass Protected Mode sandboxing and beat memory-exploitation prevention measures in Reader and Acrobat.

The fixes due will apply to: Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux.

Follow @CSO_Australia and sign up to the CSO Australia newsletter.

Join the newsletter!


Sign up to gain exclusive access to email subscriptions, event invitations, competitions, giveaways, and much more.

Membership is free, and your security and privacy remain protected. View our privacy policy before signing up.

Error: Please check your email address.
Follow our new CSO Australia LinkedIn
Follow our new social and we'll keep you in the loop for exclusive events and all things security!
Have an opinion on security? Want to have your articles published on CSO? Please contact CSO Content Manager for our guidelines.

Tags adobePDF flaw

More about Adobe SystemsCSOFireEyeLinux

Show Comments

Featured Whitepapers

Editor's Recommendations

Brand Page

Stories by Liam Tung

Latest Videos

More videos

Blog Posts