Google releases attack code for serious Adobe Reader bug

Windows users who haven’t updated to the latest version of Acrobat and Adobe Reader probably should do so right now, after a Google security researcher revealed details of a vulnerability affecting the pair, and how to exploit it.


As Adobe noted in its September security update for Acrobat and Reader on Windows, version 11.0.8 of the two programs was vulnerable to a sandbox bypass that could allow an attacker to run native code with escalated privileges on Windows. US-CERT gave it a severity rating of 10.

The bug was discovered by James Forshaw, a security researcher in Google’s Project Zero initiative. Forshaw has now released further details of the flaw, making it more important for Windows users to update to version 11.0.9 of Acrobat and Reader, since attackers can use the information to devise an attack for the vulnerability. Details released this week include a proof-of-concept exploit, source code, and pre-compiled binaries.

Project Zero is part of Google’s effort to clean up widely used third-party software, with the aim of reducing the number of people potentially harmed by zero-day attacks. The program is separate from Google’s own bug bounty program for researchers who report flaws in Google software.

Flaws discovered by the Project Zero team are housed in an external database and are kept under wraps until the vendor of the affected product issues a patch, or until 90 days after the flaw was reported to the vendor. In this case, Adobe has released a

Read Full Article at ZDNET

Ehacking Staff