Less than a week ago, Adobe and Google released updates to protect PDF documents from further exploits, but this week another attack has been reported by anti-malware firm F-Secure.
F-Secure blogged about the attack this week. It is carried in a PDF file that appears to come from the United States Department of Defense. The document cites a real conference happening in Vegas in March, according to F-Secure’s blog. The blog goes on to note that, ‘When opened to Adobe Reader, the file exploited the CVE-2009-4324 vulnerability.’
The vulnerability is the same doc.media.newPlayer vulnerability that Adobe patched last week. According to F-Secure, the exploit drops the file Updater.exe, a backdoor that connects to an IP address and bypasses the local web proxy when it does so. The blog notes, ‘Anybody who controls that IP will gain access to the infected computer and the company network.’ F-Secure identified the actual IP address as being located in Taiwan.
Adobe has not yet implemented its auto-update functionality for Acrobat or Reader users, so it is important to go to Adobe and install the patch that was released on January 12th.
F-Secure, as well as other anti-malware companies, has predicted that new attacks will continue to surface as more companies implement general usage of PDF documents.