Security alert – Adobe Zero Day Vulnerability

From ZDNet

Malicious hackers are exploiting a zero-day (unpatched) vulnerability in Adobe’s ever-present PDF Reader/Acrobat software to hijack data from compromised computers.

According to an advisory from Adobe, the critical vulnerability exists in Adobe Reader and Acrobat 9.2 and earlier versions. It is being exploited in the wild.


The company has activated its security response process but declined to offer any more details until an investigation is complete.

Unfortunately, the company did not provide any mitigation guidance for customers.

The folks at ShadowServer describe the situation as “very bad.”

We did not discover this vulnerability but have received multiple reports of this issue and have examined multiple different copies of malicious PDFs that exploit this issue. This is legit and is very bad.

Here’s what we know so far:

We can tell you that this exploit is in the wild and is actively being used by attackers and has been in the wild since at least December 11, 2009. However, the number of attacks is limited and most likely targeted in nature. Expect the exploit to become more widespread in the next few weeks and unfortunately potentially become fully public within the same timeframe. We are fully aware of all the details related to the exploit but do not plan to publish them for a few reasons:

  1. There currently is no patch or update available that completely protects against this exploit.
  2. There is little to no detection of these malicious PDF files from most of the major Antivirus vendors.

With that said we can tell you that this vulnerability is actually in a JavaScript function within Adobe Acrobat [Reader] itself. Furthermore the vulnerable JavaScript is obfuscated inside a zlib stream making universal detection and intrusion detection signatures much more difficult.

In the interim, Adobe PDF Reader/Acrobat users are urged to immediately disable JavaScript:

Click: Edit -> Preferences -> JavaScript and uncheck Enable Acrobat JavaScript

Or, better yet, use an alternative PDF Reader software program.
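ShadowServer's point above, that the JavaScript sits inside a zlib stream and so defeats plain byte signatures, can be seen with a short triage script. This is an added example, not code from ZDNet, ShadowServer or Adobe; the marker list, the function names and the sample bytes are constructed for illustration.

```python
import re
import zlib

# PDF name tokens that mark embedded or auto-run JavaScript.
MARKERS = {
    "/JavaScript": re.compile(rb"/JavaScript\b"),
    "/JS": re.compile(rb"/JS\b"),
    "/OpenAction": re.compile(rb"/OpenAction\b"),
    "/AA": re.compile(rb"/AA\b"),
}
STREAM_RE = re.compile(rb"stream\r?\n(.*?)\r?\n?endstream", re.DOTALL)
MAX_INFLATED = 16 * 1024 * 1024  # cap output so a decompression bomb cannot exhaust memory


def find_markers(data):
    """Return the set of marker names present in a byte string."""
    return {name for name, rx in MARKERS.items() if rx.search(data)}


def inflate_streams(pdf_bytes):
    """Yield the inflated body of each stream that decodes as zlib/Flate."""
    for match in STREAM_RE.finditer(pdf_bytes):
        try:
            # decompressobj tolerates a trimmed checksum or trailing bytes.
            yield zlib.decompressobj().decompress(match.group(1), MAX_INFLATED)
        except zlib.error:
            continue  # some other filter, or not compressed at all


def triage(pdf_bytes):
    """Compare what a raw byte signature sees with what inflating reveals."""
    plain = find_markers(STREAM_RE.sub(b"", pdf_bytes))  # text outside streams
    inflated = set()
    for body in inflate_streams(pdf_bytes):
        inflated |= find_markers(body)
    return {"plain": sorted(plain), "only_after_inflate": sorted(inflated - plain)}


def build_sample():
    """Constructed sample: PDF-like bytes whose script reference is deflated."""
    hidden = b"<< /S /JavaScript /JS (app.alert('constructed sample');) >>"
    return (b"%PDF-1.5\n1 0 obj\n<< /Type /ObjStm /Filter /FlateDecode >>\n"
            b"stream\n" + zlib.compress(hidden) + b"\nendstream\nendobj\n%%EOF\n")


if __name__ == "__main__":
    print(triage(build_sample()))
```

A file that reports markers under `only_after_inflate` is one a raw signature scan would have passed, so it is a candidate for opening only in a reader with JavaScript disabled.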

[UPDATE: Adobe plans to patch this issue on January 12, 2010]

source: http://blogs.zdnet.com/security/?p=5119&tag=content;wrapper

Paper records are still better managed than Data

For many companies, management of electronic data is still worse than that of paper records, according to a recent study.

Information management industry group AIIM cited a recent survey of some 700 companies that indicated that many firms are still not taking management of digital records seriously.

The survey found that 26 per cent of companies have no official management policies for electronic records, while only 56 per cent apply legal hold to electronic documents. Paper documents, by comparison, were retained for legal hold in 71 per cent of companies.

The advocacy group blames the disparity in part on muddled attitudes towards the management of electronic data. The group suggested that for many enterprises, data retention and archiving are considered an IT issue rather than a records management issue.

“We found that over a third of organisations, if challenged, would not be confident that their electronic records had not been changed, deleted or inappropriately accessed,” said AIIM president John Mancini.

“These companies would be at a major disadvantage in any legal action, defending or prosecuting.”

Management and retention of digital information has become a hot topic for enterprise IT in the past 10 years. Regulatory acts such as Sarbanes-Oxley and HIPAA in the US have forced many companies to apply tighter standards to the way they manage information.

http://is.gd/3HURT