Attackers have been exploiting a zero-day in Adobe Reader via specially crafted PDFs since at least December, using a sophisticated fingerprinting-style exploit that runs on the latest Reader without user interaction. The exploit harvests local data using Acrobat APIs and can deploy follow-on RCE/SBX (remote code execution / sandbox escape) stages, so researchers advise not opening PDFs from untrusted sources until Adobe issues a patch. #AdobeReader #HaifeiLi
Keypoints
- A zero-day Adobe Reader vulnerability has been exploited via malicious PDFs since at least December.
- The attacks use a sophisticated fingerprinting-style PDF exploit that requires only opening the file.
- Data is being stolen from compromised systems through Acrobat JavaScript APIs such as util.readFileIntoStream and RSS.addFeed.
- The exploit can deploy additional RCE/SBX stages, potentially allowing full system takeover.
- Researchers recommend avoiding untrusted PDFs and blocking traffic whose User-Agent header contains "Adobe Synchronizer" until a patch is available.
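As an added example (not part of the original report), the following Python snippet turns the last recommendation into a log check: it parses proxy log lines in Apache combined format and returns the requests whose User-Agent contains "Adobe Synchronizer", so they can be reviewed and fed into a block rule. The log layout, the sample lines and all function names are assumptions.

```python
import re
from typing import Dict, List, Optional

# Constructed sample proxy log lines (combined log format). Assumption: your
# proxy can emit this layout; adjust COMBINED_RE for other formats.
SAMPLE_LOG = """\
10.0.0.12 - - [14/Feb/2024:09:31:02 +0000] "GET /feed/update.xml HTTP/1.1" 200 512 "-" "Adobe Synchronizer"
10.0.0.13 - - [14/Feb/2024:09:31:05 +0000] "GET /index.html HTTP/1.1" 200 1024 "-" "Mozilla/5.0 (Windows NT 10.0; Win64; x64)"
10.0.0.14 - - [14/Feb/2024:09:32:10 +0000] "POST /collect HTTP/1.1" 200 64 "-" "adobe synchronizer"
10.0.0.15 - - [14/Feb/2024:09:33:00 +0000] "GET /doc.pdf HTTP/1.1" 200 20480 "-" "Acrobat Reader DC"
"""

# client ident user [timestamp] "METHOD path proto" status bytes "referer" "user-agent"
COMBINED_RE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

# Fragment named in the advisory; matched case-insensitively below.
SUSPECT_UA_FRAGMENT = "adobe synchronizer"


def parse_line(line: str) -> Optional[Dict[str, str]]:
    """Return the named fields of one combined-format line, or None if it does not parse."""
    m = COMBINED_RE.match(line.strip())
    return m.groupdict() if m else None


def is_suspect(entry: Dict[str, str]) -> bool:
    """True when the User-Agent contains the fragment, ignoring case so re-cased UAs still hit."""
    return SUSPECT_UA_FRAGMENT in entry["ua"].lower()


def find_suspect_requests(log_text: str) -> List[Dict[str, str]]:
    """Return client/method/path/UA for every parseable line with a suspect User-Agent."""
    hits = []
    for line in log_text.splitlines():
        entry = parse_line(line)
        if entry and is_suspect(entry):
            hits.append({k: entry[k] for k in ("client", "method", "path", "ua")})
    return hits


if __name__ == "__main__":
    for h in find_suspect_requests(SAMPLE_LOG):
        print(f"{h['client']} {h['method']} {h['path']} UA={h['ua']!r}")
```

Review the flagged clients for the PDF that triggered the request before blocking, since the User-Agent alone identifies the traffic, not the document.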