In the first quarter of 2010, Adobe products were the number one target for hackers. This is believed to be due to the multi-platform capability of Adobe products such as Flash and Acrobat PDF. Many users are not aware of the dangers of opening PDF files from unknown parties.
The Adobe Reader & Acrobat exploit Pdfka was by far the most common, at 42.97%. Combining two of the most common exploits for Adobe products yields almost 50% of the total exploits found in that quarter. Many Adobe users do not frequently update their software to the latest versions, let alone apply recent patches.
Many agree Adobe has never responded quickly to security vulnerabilities in its popular products. Known vulnerabilities would take weeks, and in some cases months, to be addressed. Most recently, in February, Adobe confirmed a known vulnerability in its Acrobat PDF software and admitted the vulnerability was actively being used by hackers. Brad Arkin, Adobe’s director for product security and privacy, says this event is what prompted a new security practice.
Adobe has started reviewing the code in Adobe Reader and Adobe Acrobat products and is identifying “at-risk areas” that will be addressed and ultimately re-written. “We’re going to broadly look at the whole application, but focus on at-risk areas, where we’ll do threat modeling, static code analysis and look for potential vulnerabilities,” said Arkin. “We’re going to do a lot more pro-active work,” he promised. “We want to shake loose vulnerabilities.”
More information on Adobe Acrobat’s new security initiative can be found on Adobe’s Asset blog.
More flaws have been found in how Adobe Acrobat handles PDF files, flaws that allow PDFs to serve as transports for malware installation. These flaws can be exploited through a PDF file to gain complete control of a remote machine, completely silently.
PDF files are commonly transferred by email in the business environment and embedded into websites. Because PDF files are commonly trusted to be a safe medium and are in widespread use, these flaws are a huge attack vector.
This exploit appears to be limited to Adobe Acrobat versions 7.0, 8.0, and 8.1.