Google releases attack code for serious Adobe Reader bug

Windows users who haven’t updated to the latest version of Acrobat and Adobe Reader probably should do so right now, after a Google security researcher revealed details of a vulnerability affecting the pair, and how to exploit it.


As Adobe noted in its September security update for Acrobat and Reader on Windows, version 11.0.8 of the two programmes was vulnerable to a sandbox bypass that could allow an attacker to run native code with escalated privileges on Windows. US-CERT gave it a severity rating of 10.

The bug was discovered by James Forshaw, a security researcher in Google’s Project Zero initiative. Forshaw has now released further details of the flaw, making it more important for Windows users to update to version 11.0.9 of Acrobat and Reader, since attackers can use the information to devise an attack for the vulnerability. Details released this week include a proof of concept exploit, source code, and pre-compiled binaries.

Project Zero is part of Google’s effort to clean up widely-used third-party software with the aim of reducing the number of people potentially harmed by zero-day attacks. The program is separate to its own bug bounty program for researchers who report flaws in Google software.

Flaws discovered by the Project Zero team are housed in an external database and are kept under wraps until the vendor of the affected product issues a patch for it, or 90 days after it was reported to the vendor. In this case, Adobe has released a

Read Full Article at ZDNET

Ehacking Staff
With more than 50 global partners, we are proud to count the world’s leading cybersecurity training provider. EH Academy is the brainchild of Ehacking, which has been involved in the field of training since the past Five years and continues to help in creating professional IT experts.

Most Popular

How to Install Kali Linux on VirtualBox [Windows Host] in 2020

Kali Linux is a Debian based Linux distribution, released on the 13th March 2013 as a complete rebuild of BackTrack Linux. It is one of...

Acunetix v13 Release Introduces Groundbreaking Innovations

The newest release of the Acunetix Web Vulnerability Scanner further improves performance and premieres best-of-breed technologies London, United Kingdom – February 5, 2019 – Acunetix,...

What is Ethical Hacking, how to be an Ethical Hacker

Hacking is the process of discovering vulnerabilities in a system and using these found vulnerabilities by gaining unauthorized access into the system to perform...

Basic steps to ensure security Online!

Security concerns are growing day by day due to the growing interconnectivity and technology. Drastic things can happen if you be a little careless...