Skip to main content

Adobe says Reader flaw can't be patched since security researchers who found it aren't cooperating

posted onNovember 22, 2012
by l33tdawg

Earlier this month, we wrote about an alleged Adobe Reader 0-day security hole discovered by Group IB security researchers that allows an attacker to jump out of the sandbox and execute shellcode with the help of malformed PDF documents. At the time, the code was apparently already selling on the black market for “approximately 30 000 – 50 000 USD.” Adobe told us it was investigating, and the story hasn’t moved forward since, until now.

While doing my usual security scavenging on the Web, I stumbled upon this video, which shows two researchers successfully getting out of Adobe Reader’s sandbox (introduced in version 10, and of course still present in the latest version 11):



Adobe Security

You May Also Like

Recent News

Monday, January 15th

Friday, January 12th

Thursday, January 11th

Wednesday, January 10th