尚品专家近日发现,Adobe Acrobat Reader近日暴发了高危的零日漏洞,影响到其8.1.0至9.0.0之间的所有版本,此漏洞会通过软件内置的JavaScript功能触发,如果用户默认启用Acrobat JavaScript,只要打开恶意的PDF文档就会中招,国外安全厂商也已正式发出预警,并将已经现形的样本分别命名为TROJ_PIDIEF.IN 和 Trojan.Pidief.E。鉴于Adobe官方尚未透露补丁的发布日期,黑客必然利用漏洞得到修复前的真空期大肆传播木马病毒,这一攻击趋势正在全世界范围内蔓延。请寻求尚品专家解决方案。
受影响版本:
“All of our testing was done on Adobe Acrobat Reader 8.1.0, 8.1.1, 8.1.2, 8.1.3 (latest release of 8), and 9.0.0 (latest release of 9). We have not confirmed via testing that the exploit actually works on Adobe Acrobat (non-Reader) but believe that it will also affect it as well. ”
漏洞:
“The malicious PDF’s in the wild exploit a vulnerability in a non-JavaScript function call. However, they do use some JavaScript to implement a heap spray for successful code execution. The malicious PDF’s in the wild contain JavaScript that is used to fill the heap with shellcode. Since this exploit relies on both JavaScript and non-JavaScript components there are some potential reliability issues which has led to confusion over which platforms are affected. ”
临时解决方案 (尚无补丁):
禁掉JavaScript
