Adobe confirms second code-execution hole in PDF Reader
August 4, 2010
An Internet security researcher has uncovered a second vulnerability in Adobe Reader that allows potential hackers to execute malicious code on PCs by tricking their users into opening booby-trapped files.
Charlie Miller, principal security analyst at Independent Security Evaluators, disclosed the critical security flaw at last week's Black Hat security conference in Vegas.
It stems from an integer overflow in the part of the application that parses fonts, he said.
The overflow leads to a memory allocation that's too small, allowing attackers to run code of their choosing on the underlying machine. There are no reports of the flaw being targeted for malicious purposes, however.
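The bug class described above, as an added example that is not code from Adobe Reader, Miller's talk or this article: a size computation that wraps in 32 bits, beside a checked form that also bounds the result by the input length. The table layout, the 16-byte entry size and every function name are assumptions made for illustration.

```c
#include <stdint.h>
#include <stddef.h>
#include <stdlib.h>
#include <string.h>

/* Assumption: a made-up table format, 4-byte big-endian entry count
 * followed by fixed 16-byte entries. Not any real font structure. */
#define ENTRY_SIZE 16u

/* Flawed pattern: the 32-bit product wraps, so a huge count yields a
 * tiny size and the later per-entry loop would overrun the buffer. */
uint32_t table_size_unchecked(uint32_t count) {
    return count * ENTRY_SIZE;
}

/* Hardened pattern: reject counts whose product overflows size_t or
 * exceeds the bytes actually present in the input. */
int table_size_checked(uint32_t count, size_t avail, size_t *out) {
    if (count == 0 || count > SIZE_MAX / ENTRY_SIZE) return -1;
    size_t need = (size_t)count * ENTRY_SIZE;
    if (need > avail) return -1;
    *out = need;
    return 0;
}

/* Copies the entries out of buf; returns NULL on malformed input. */
uint8_t *load_table(const uint8_t *buf, size_t len, uint32_t *count_out) {
    if (len < 4) return NULL;
    uint32_t count = ((uint32_t)buf[0] << 24) | ((uint32_t)buf[1] << 16) |
                     ((uint32_t)buf[2] << 8) | (uint32_t)buf[3];
    size_t need;
    if (table_size_checked(count, len - 4, &need) != 0) return NULL;
    uint8_t *table = malloc(need);
    if (table == NULL) return NULL;
    memcpy(table, buf + 4, need);
    *count_out = count;
    return table;
}

int main(void) {
    /* Constructed inputs: 2 honest entries; count 0x10000001 over 16 bytes. */
    uint8_t good[4 + 32] = {0, 0, 0, 2};
    uint8_t bad[4 + 16] = {0x10, 0, 0, 0x01};
    uint32_t n = 0;
    uint8_t *t = load_table(good, sizeof good, &n);
    int ok = t != NULL && n == 2 && load_table(bad, sizeof bad, &n) == NULL;
    free(t);
    return ok ? 0 : 1;
}
```

The wrapped size for the second input is 16, which matches the data actually present, so a parser that only compares the computed size against the remaining bytes would accept it; the check has to be made on the count before multiplying.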
Details of Miller's discovery come as hackers are exploiting a separate font-parsing bug in the PDF reader built by Apple to jailbreak the latest iPhone. While the hack is harmless, security firms including Symantec and McAfee have warned that the underlying flaw, when combined with a second one, could be used to execute malicious code on the Apple smartphone.
Apple has yet to acknowledge the vulnerabilities, however. Phone calls to the company weren't returned as of yesterday, but Adobe did confirm the second security flaw on its website.
Brad Arkin, senior director of product security and privacy at Adobe, said members of the company's security team attended Miller's talk and have since confirmed his claims that the vulnerability can lead to remote code execution.
The security team is in the process of developing a fix and deciding whether to distribute it during Adobe's next scheduled update release or as an “out-of-band” fix that would come out in the next few weeks.
“There's some information in the slides and screenshots of some of the crash information. As we evaluate what's the right response, we're going to look into the issue and decide if that information is sufficient and if so, how long would it take for someone with malicious intent to convert that into a successful exploit,” added Arkin.
Miller's discovery is the latest documented security vulnerability in Adobe Reader to put its users at risk of attacks that can surreptitiously install malware and viruses that steal computer passwords or other sensitive and personal data.
The security vulnerability affects all versions for Windows, Unix and Mac OS X.
Key to the decision is determining whether there are enough details available from Miller's talk for the vulnerability to be exploited in real-world attacks.
Miller discussed the unpatched Adobe Reader hole during a demonstration of a security software tool called BitBlaze, which helps security researchers analyze bugs.
The tool was also instrumental in helping Miller gain insights into two additional exploitable security holes in OpenOffice that remain unpatched as of today.
Source: Adobe Software.