Researchers are warning of malicious Adobe PDF documents circulating online. The documents cause Adobe Reader to crash and allow hackers to exploit a hole in Adobe’s Flash Player.
This has to be one of the most confusing exploits ever, or the most inventive. Hackers have found a way to exploit a security issue in Adobe Flash using an issue in Reader, which is a totally separate piece of software.
The technical analysis of this security issue is that it’s a heap overflow and code execution vulnerability. This means that the PDF causes the user’s system to lock up and then executes malicious code on their computer.
While the malicious PDF is compromising a computer, it also communicates back to a server on the Internet. It’s not clear yet whether it is sending usernames and passwords for hackers to use later.
The vulnerability exists in Adobe’s Flash Player versions 9.0, 9.1 and 9.12. Adobe is working furiously to get a fix out before a widespread attack can take place.
There’s no word on when exactly a fix will be delivered. Adobe is planning to get a patch out by next week, but it’s not yet completed.
Users concerned about this issue can rename the file authplay.dll, which contains the vulnerability. This will cause PDF documents containing Flash content in the form of .SWF files to crash.
This file is generally located at either C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll or C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll. However, it’s likely easier just to be careful with surfing untrusted Web sites and opening PDF documents until a fix is released.
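For administrators who do want to apply the rename, the script below is one way to do it across both locations and to undo it after patching. It is an added example, not Adobe's own tooling; the `.disabled` suffix and the `-Restore` switch are choices made here, and it must be run from an elevated PowerShell prompt because the files sit under Program Files.

```powershell
# Added example: rename (or restore) authplay.dll in the two locations
# named in the article. Supports -WhatIf to preview without changing anything.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    [switch]$Restore   # undo the rename once a fixed version is installed
)

# Locations given in the article.
$paths = @(
    'C:\Program Files\Adobe\Reader 9.0\Reader\authplay.dll',
    'C:\Program Files\Adobe\Acrobat 9.0\Acrobat\authplay.dll'
)

# Assumption: any file name other than authplay.dll serves the purpose;
# a suffix keeps the original easy to find and restore.
$suffix = '.disabled'

foreach ($dll in $paths) {
    $renamed = $dll + $suffix
    if ($Restore) { $from = $renamed; $to = $dll }
    else          { $from = $dll;     $to = $renamed }

    if (-not (Test-Path -LiteralPath $from)) {
        Write-Output "skip: $from not found"
        continue
    }
    if (Test-Path -LiteralPath $to) {
        # Avoid clobbering an earlier rename or a freshly installed copy.
        Write-Output "skip: $to already exists"
        continue
    }

    $newName = Split-Path -Path $to -Leaf
    if ($PSCmdlet.ShouldProcess($from, "rename to $newName")) {
        Rename-Item -LiteralPath $from -NewName $newName -ErrorAction Stop
        Write-Output "renamed: $from -> $to"
    }
}
```

Running it with `-WhatIf` first shows which files would be touched on a given machine.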
The ability to include Flash animations within PDF documents is just one more way that the Web is finding its way into our daily lives. However, it’s just these types of areas where hackers are more likely to find vulnerabilities that can help them take over our systems.