According to ComputerWorld and Symantec, attackers are currently leveraging a zero-day vulnerability in Adobe Reader in targeted attacks against telecommunications, manufacturing, computer hardware, and chemical companies, as well as defence sector organisations like Lockheed Martin.
The attacks may have started as early as the beginning of November, and arrive as a targeted phishing email with a malicious PDF attachment. If you open the attachment, your computer gets infected with information-stealing malware.
Earlier this week, Adobe confirmed this zero-day flaw in a Security Advisory. The vulnerability affects all current versions of Reader and Acrobat running on any platform. Adobe has not released a fix for the flaw yet, but plans to do so sometime next week.
Until then, we highly recommend that you tell your users to be very careful handling PDF files that come from outside your organization, whether from a trusted source or not. If you have one of our security appliances, you can also use our proxy policies to strip all PDF content if you like. That said, doing so blocks both legitimate and malicious PDF files. Also, be sure to keep both your gateway and client-level antivirus software up to date, as it likely has signatures to block known variants of this attack.
As soon as Adobe releases an update to fix this issue, we will let you know in a follow-up post.
There have also been reports of a Russian research team unveiling two zero-day vulnerabilities in Adobe’s Flash Player. This team has no plans to inform Adobe, as they don’t believe in disclosing bugs for free. Adobe has not responded to these reports yet, but we will update you on these issues as they develop. In the meantime, you can read more about these reported flaws here. — Corey Nachreiner, CISSP (@SecAdept)