Adobe Reader 0-day security hole discovered by Group IB security researchers that allows an attacker to jump out of the sandbox and execute shellcode with the help of malformed PDF documents.
At the time, the code was apparently already selling on the black market for “approximately 30 000 – 50 000 USD.”Adobe told us it was investigating, and the story hasn’t gone anywhere, until now.
So, why hasn’t the hole been secured yet? Adobe tells us that Group IB Is not being very cooperative:
We are aware of the claim by Kris Kaspersky and Group IB. We have been in communication with both Kris Kaspersky and Group IB since November 8 to make a determination whether or not this is in fact a vulnerability and a sandbox bypass. To this day, we have not yet received a Proof-of-Concept/sample. Without it, there is nothing we can do, unfortunately—beyond continuing to monitor the threat landscape and working with our partners in the security community, as always. We will update you as soon as we have new information and a determination can be made.
Put differently, Adobe either needs to win over Group IB to cooperate, or find the exploit on its own. Group IB laid claim that the exposure was already admitted in a recent custom version of Blackhole Exploit Kit
