Information Security in Today's Digital Culture

YAAV (Yet Another Adobe Vulnerability)

October 8th, 2009 | Posted by Brett Edgar in Advisories | Malware | Windows

Another Adobe Acrobat vulnerability is being exploited in the wild. All versions up to and including 9.1.3 are vulnerable. The current exploit targets Acrobat and Acrobat Reader on Windows specifically, but all Acrobat variants (those for Linux and Mac OS X) are vulnerable. Apparently, using DEP (Data Execution Prevention) in Windows may thwart the attack (at the moment). DEP is an optional setting. Here is the Microsoft KB article about DEP, but their server is saying it’s “too busy” at the moment (4:11p). More information from the ISC is here.

Adobe is set to release an update on October 13. Until then, keep on your toes!

TRUE Network Security Monitoring customers: rest easier: if your resources are successfully attacked, we should see the results.

Brett Edgar

Brett Edgar

Brett is a Founder and the former Director of Managed Security Services at TRUE. He has been working in the system and network forensics field since graduating from the University of Tulsa with a B.S. Computer Science in 2003. He speaks hexadecimal fluently and is TRUE's resident human Ethernet transceiver. He holds CISSP, CSSLP, and CNSS 4011-4015 certificates, loves MLB and NCAA Football, and when he gets tired of hexadecimal, he goes home to hang out with his wife and kid.

More Posts - Twitter

You can follow any responses to this entry through the RSS 2.0 You can leave a response, or trackback.

Leave a Reply