Skip to main content

Adobe says Reader flaw can't be patched since security researchers who found it aren't cooperating

posted onNovember 22, 2012
by l33tdawg

Earlier this month, we wrote about an alleged Adobe Reader 0-day security hole discovered by Group IB security researchers that allows an attacker to jump out of the sandbox and execute shellcode with the help of malformed PDF documents. At the time, the code was apparently already selling on the black market for “approximately 30 000 – 50 000 USD.” Adobe told us it was investigating, and the story hasn’t moved forward since, until now.

While doing my usual security scavenging on the Web, I stumbled upon this video, which shows two researchers successfully getting out of Adobe Reader’s sandbox (introduced in version 10, and of course still present in the latest version 11):

Source

Tags

Adobe Security

You May Also Like

Recent News

Friday, November 29th

Tuesday, November 19th

Friday, November 8th

Friday, November 1st

Tuesday, July 9th

Wednesday, July 3rd

Friday, June 28th

Thursday, June 27th

Thursday, June 13th

Wednesday, June 12th

Tuesday, June 11th