Group-IB US: Zero-day vulnerability found in Adobe X



NEW YORK - There is a new vulnerability in Adobe X which helps to execute its own shellcode with the help of malformed PDF documents with specially crafted forms.

The vulnerability is also included in a new modified version of the "Blackhole Exploit-Kit", which is used for distributing banking Trojans (Zeus, Spyeye, Carberp, Citadel) by exploiting different vulnerabilities in client-side software.

Andrey Komarov, the Head of International Projects Department of Group-IB: "The vulnerability has some limitations, for example it could be successfully exploited only after the user closes the browser and restarts it. Another variant is to organize interaction between the victim and the malformed PDF document. Either way, the vulnerability has a very significant vector to be spread with bypassing of the internal Adobe X sandbox, which is appealing for cybercrime gangs because in the past there was no documented method of how to bypass it with shellcode execution."

The end price of this vulnerability on the black market is approximately 30 000 – 50 000 USD. For now this flaw is distributed only in small circles of the underground, but it has the potential for much larger post-exploitation methods.

Dan Clements, Managing Partner of Group-IB US: "As more and more of these unpatchable zero day threats pop up in application software and operating systems, it provides bot authors more opportunities to design more creative methods to get their malware loaded into a victim's computer."

The POC of the zero-day flaw found in Adobe X was published on YouTube by the Group-IB US threat intelligence team:

About Group-IB

Group-IB is the first company in Russia and the former Soviet Union working professionally and comprehensively in cybercrime investigation, information security breaches, and computer forensics. As part of the company, a computer forensics lab provides independent computer forensic investigations, including for Russian law enforcement agencies. Created on the basis of Group-IB, CERT-GIB operates as the first private computer emergency response team in Russia. Group-IB is part of LETA Group.

http://www.group-ib....ound-in-adobe-x
