New Zero-Day Exploit Found Able To Penetrate Adobe Reader
Russian security firm Group-IB say that it has found a new vulnerability in the Adobe X platform, which allows hackers to execute shellcode commands within the internal sandbox. The vulnerability is being viewed as very dangerous as it easily allows hackers to spread banking Trojans like Zeus, Spyeye, Carberp, and Citadel with the help of other exploits in client-side software. However, Andrey Komarov, the Head of International Projects Department of Group-IB, reports that the exploit has its limitations. The only way the exploit could be successful is if the user were to close his or her browser and restart it. Another common method by hackers being used is organizing interaction between the victim and the malformed PDF-document. Regardless, this new vulnerability is gaining popularity due to their being no previous method of bypassing the Adobe X sandbox with shellcode execution.
The new vulnerability is reportedly being traded on the black market for roughly $30,000 to $50,000. So far, reports of usage are low due to trading among small circles of underground hackers, but it could have the potential of becoming widely distributed and used.