Skip to main content

New zero-day exploit circumvents Adobe Reader's Protected Mode

New zero-day exploit circumvents Adobe Reader's Protected Mode

Share this story

Crashed Terminal
Crashed Terminal

Cybercrime investigation company Group-IB has discovered a zero-day Adobe Reader X and XI exploit that is immune to the program's new Protected Mode. Announced in July, Reader's sandboxing capabilities add an extra layer of defense by securing malicious code found in PDFs and restricting what kinds of actions these files can execute. As explained by IDG, the exploit is not affected by the program's Protected Mode and can be launched even if Javascript support is disabled — many Reader exploits rely on Javascript code embedded into PDF files. Firefox and Internet Explorer users are potential victims, while Chrome's added built-in security causes the code to fail. Group-IB has identified the vulnerability as being part of the "Blackhole Exploit-Kit," a tool that is utilized to deploy banking Trojans.

The exploit — which is currently being sold on the black market for $30,000 to $50,000 — has been submitted to Adobe's Product Security Incident Response Team, although the company has yet to deliver a response or issue a fix. The mere existence of the vulnerability questions the effectiveness of the app's highly-touted preventative measure — but should the exploit be verified, Adobe will likely issue a prompt emergency update to Reader.