New Acrobat 9.2 and Acrobat Reader Vulnerability in the Wild
Monday, December 14, 2009 at 08:42PM
drStrangeP0rk in Acrobat Exploits, Adobe, Vulnerability, Wild, Zero Day

There are reports that a vulnerability affecting Acrobat 9.2 and Acrobat Reader is being exploited in the wild. It appears that three different security companies reported it to Adobe today. Users should disable JavaScript in Acrobat and only open trusted files. On a Mac, Acrobat files from public sources should not be opened while using root or an administrator-privileged account. Users should use Preview.app to open, view and print PDF files.

Update on Tuesday, December 15, 2009 at 01:40PM by Registered Commenter drStrangeP0rk

Symantec has named it Trojan.Pidief.H. On Windows machines it drops and then executes the following file, which would seem to be a malicious executable named AdobeUpdate.exe:

%Temp%\AdobeUpdate.exe

It can install an infostealer called ab.exe from the following domain: http://foruminspace.com/documents/dprk/ab.[*]. It appears that the exploit is targeting the Windows platform at this time, but this can change. Users should block foruminspace.com, disable JavaScript and set Preview.app as the default reader for PDF files.

From http://www.robtex.com/

robtex foruminspace.com
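The two indicators in this update (the dropped %Temp%\AdobeUpdate.exe and the domain foruminspace.com) can be checked against proxy and process-start records. The sketch below is an added example, not code from the original post; the event format, the sample events and the list of temp-directory names are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit

# Indicators named in the post above.
BAD_DOMAIN = "foruminspace.com"
DROPPED_NAME = "adobeupdate.exe"

# Assumption: directory suffixes that identify a Windows temp location,
# including the unexpanded variable and the 8.3 short form used on XP.
TEMP_DIR = re.compile(
    r"(?:^%te?mp%|\\(?:local settings|locals~1|appdata\\local|windows)\\temp)$"
)


def host_matches(url_or_host):
    """True for the domain or a subdomain, not for look-alike names."""
    text = url_or_host.strip().lower()
    if "://" not in text:
        text = "//" + text  # let urlsplit treat a bare host as a netloc
    try:
        host = (urlsplit(text).hostname or "").rstrip(".")
    except ValueError:  # malformed authority, e.g. broken IPv6 brackets
        return False
    return host == BAD_DOMAIN or host.endswith("." + BAD_DOMAIN)


def path_matches(image_path):
    """True when a file named AdobeUpdate.exe sits directly in a temp directory."""
    path = image_path.strip().strip('"').replace("/", "\\").lower()
    directory, _, name = path.rpartition("\\")
    return name == DROPPED_NAME and bool(TEMP_DIR.search(directory))


def triage(events):
    """Return (index, reason) for every (kind, value) event that matches."""
    hits = []
    for index, (kind, value) in enumerate(events):
        if kind == "url" and host_matches(value):
            hits.append((index, "request to " + BAD_DOMAIN))
        elif kind == "process" and path_matches(value):
            hits.append((index, "AdobeUpdate.exe run from a temp directory"))
    return hits


# Constructed sample events, not real telemetry.
SAMPLE = [
    ("url", "http://FORUMINSPACE.com/documents/dprk/"),
    ("url", "http://notforuminspace.com/"),
    ("url", "http://foruminspace.com.example.net/"),
    ("process", r"C:\DOCUME~1\bob\LOCALS~1\Temp\AdobeUpdate.exe"),
    ("process", r"C:\Program Files\Adobe\AdobeUpdate.exe"),
    ("process", r"%Temp%\AdobeUpdate.exe"),
]
```

Matching the host exactly (or as a dot-separated suffix) and requiring the temp directory keeps look-alike domains and a same-named file under Program Files out of the results.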

Update on Wednesday, December 16, 2009 at 09:25AM by Registered Commenter drStrangeP0rk

Adobe has posted instructions on how to disable JavaScript in Acrobat and Reader.

http://www.adobe.com/support/security/advisories/apsa09-07.html

Update on Thursday, January 7, 2010 at 11:03PM by Registered Commenter drStrangeP0rk

An update is expected to be released 1/12/2010 to address CVE-2009-4324.

http://blogs.adobe.com/psirt/2010/01/pre-notification_-_quarterly_s_1.html

Update on Tuesday, January 12, 2010 at 09:38PM by Registered Commenter drStrangeP0rk

Adobe has released an update to Acrobat Reader and Acrobat.

http://blogs.adobe.com/psirt/2010/01/security_update_released_for_a.html

Article originally appeared on magmatic.com (http://www.magmatic.com/).
See website for complete article licensing information.