Posted by: Robert Westervelt
Adobe, risk, zero-day
The sky is not falling.
Just as some places have a law against shouting “fire” in a crowded theater, those responsible for issuing warnings and protecting customers need to take heed. Those who write about flaws should clearly explain the threat level so readers can assess the risks. Too often the threat is clouded, making risk assessment extremely difficult.
Second, the threat is minimal — extremely minimal. Security vendors that track these threats are not releasing infection estimates. Hmm. I wonder why? Kevin Haley, director of security response at Symantec, told me the attacks began appearing in the wild in Japan. They have been spreading slowly for several reasons. The attack has been largely unsuccessful. The malicious Adobe file is spreading in an email message that can be detected as malicious and filtered out. And the message being sent is detected as spam in most cases. The threat can also spread if a user visits a website hosting a malicious PDF file. This can be mitigated by configuring Internet Explorer not to auto-open PDF files.
If your firm can’t handle the increased risk, Sourcefire released a homebrew patch for Adobe 9 users. There’s no guarantee the patch will block an attack. But if your users are using common sense and opening Adobe files only from trusted users, and other protections are in place, the risk of infection should be minimal until Adobe issues an update plugging the hole.
There’s no doubt the risk level increases over time when new variants exploiting the code show up in the wild.
Is this a good time to mention Foxit Reader or other alternative PDF readers?