Thursday, January 27, 2022

Adobe Reader Zero-Day can’t be patched since researchers aren’t responding

Group IB security researchers have discovered an Adobe Reader 0-day security hole that allows an attacker to jump out of the sandbox and execute shellcode with the help of malformed PDF documents.

At the time, the code was apparently already selling on the black market for “approximately 30 000 – 50 000 USD.” Adobe told us it was investigating, and the story hasn’t gone anywhere until now.

So, why hasn’t the hole been secured yet? Adobe tells us that Group IB is not being very cooperative:

We are aware of the claim by Kris Kaspersky and Group IB. We have been in communication with both Kris Kaspersky and Group IB since November 8 to make a determination whether or not this is in fact a vulnerability and a sandbox bypass. To this day, we have not yet received a Proof-of-Concept/sample. Without it, there is nothing we can do, unfortunately—beyond continuing to monitor the threat landscape and working with our partners in the security community, as always. We will update you as soon as we have new information and a determination can be made.

Put differently, Adobe either needs to persuade Group IB to cooperate or find the exploit on its own. Group IB claimed that the exploit had already been included in a recent custom version of the Blackhole Exploit Kit.

About FastFlux

Owner of ZeroSecurity, interested in programming, malware analysis and penetration testing.
