Different response to the zero-day vulnerability in Adobe Acrobat and Adobe Reader

Sept. 26, 2010 - PRLog -- It is reported that zero-day vulnerability in Adobe Acrobat and Adobe Reader occured again. All versions of Acrobat and Reader 8 and 9 for Windows, Macintosh, and Unix are open to attack, including the latest version. Other PDF reading alternatives, such as Foxit Reader (http://www.downloadatoz.com/toplight/foxit+reader.html), are not affected. The hackers mainly create special PDF files using this vulnerability and distribute them via email. When the users click the PDF attachment or link, the computer may be controled completely.

Security experts have called the exploit for a critical unpatched bug in Adobe Reader "scary" and "clever" for the way it sidesteps critical Windows defenses designed to isolate malicious code and make it harder to execute malware. Those attacks went public last week, when independent security researcher Mila Parkour reported the flaw to Adobe, then published her preliminary findings. Adobe issued a security warning a day later, and on Monday announced it would patch the problem early next month.

At the time, Google characterized the attacks as "highly sophisticated and targeted," and said at least another 20 major companies were also subjected to the same kind of assaults. "We looked at how they're distributing and propagating the attacks," said Joe Chen, the director of engineering in Symantec's security response group in an interview.

Wisniewski,a senior security adviser with software security firm Sophos, said that there was evidence that the hacker had been working on the exploit for almost a year. "The DLL that it drops was signed in 2009, so that part of it at least isn't brand new," he said. "That doesn't mean the exploit itself was available back then, but is another indication of a targeted attack."

He compared the Reader zero-day exploit with the Stuxnet worm, which caused concern in July when it was discovered attacking industrial control systems at large manufacturing and utility companies. Symantec traced Stuxnet back to June 2009 , with attacks likely beginning the following month, when hackers apparently stole digital certificate keys from a pair of Taiwanese software firms, then used them to sign two versions of the worm.

Adobe Reader(http://www.downloadatoz.com/toplight/adobe+reader.html) is the global standard for electronic document sharing tool to open and use Adobe PDF created in Adobe Acrobat(http://www.downloadatoz.com/toplight/adobe+acrobat.html). Although the users can not create PDF in Adobe Reader, they can use it to view, print and manage PDF files. PDF files are compact and can be shared, viewed, navigated, and printed exactly by anyone with Adobe Reader.

# # #

Provide all the software for downloading on Downloadatoz. Get the information of strength and weakness of some program.