![]() ![]() Please enable JavaScript to view the comments powered by Disqus.Ĭopyright © 2022 IDG Communications, Inc. This is a rare case when the attackers were able to find vulnerabilities and write exploits for the Adobe Reader software and the operating system,” Cherepanov wrote. “Usually, sandbox bypass is achieved by exploiting a vulnerability in the operating system itself. The sandbox is meant to thwart attempts to compromise a computer running Adobe Reader. ![]() While these exploits are typically reserved for high-value targets, there are concerns that Double Kill and the Acrobat Reader/Windows flaws will be appealing to cybercriminals for indiscriminate attacks on average users.Īccording to Cherepanov, the Reader/Windows attack was a “rare case” that attackers could develop exploits that bypassed the Acrobat Reader Protected Mode sandbox without finding a vulnerability in the underlying operating system. Adobe’s updated bulletin brings its advisory in line with information in Microsoft’s advisory that said there were attacks in the wild against a previously undisclosed elevation of privilege flaw affecting Windows.Ĭherepanov today filled in the gaps in a blog post revealing that the source of the two vulnerabilities was a malicious PDF document that combined both flaws to exploit a remote code execution vulnerability in Adobe Reader and elevate privileges on a vulnerable Windows machine.Īs with the “Double Kill” Internet Explorer exploit that Microsoft also patched in May, Cherepanov suggests the combined attack on Adobe Reader and Windows was the work of state-sponsored hackers. ![]()
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |