Patch/Configuration Management, Vulnerability Management

Adobe Reader attacks continue two years after patch

JavaScript-based attacks taking advantage of an Adobe Reader and Acrobat vulnerability patched in 2010 are continuing in waves, Symantec researchers said this week. The security bug relates to an invalid TIFF value that corrupts the image file format's parser, senior software engineer Jason Zhang said in a blog post. Symantec said its technology has blocked more than 10,000 malicious PDF file attempts over the past two weeks, with the largest campaign coming on Feb. 16, two years to the date after the flaw was patched. Users are advised to update their Reader and Acrobat software.

Related

Attacks with BlueKeep, Microsoft Office exploits launched by Kimsuky-linked group

Threat operation Larva-24005, which is associated with North Korean state-backed advanced persistent threat group Kimsuky, has been leveraging the critical Microsoft Remote Desktop Services flaw BlueKeep, also tracked as CVE-2019-0708, and the high-severity Microsoft Office Equation Editor vulnerability, tracked as CVE-2017-11882, to infiltrate organizations in Japan and South Korea, with the latter's financial, energy, and software sectors targeted since October 2023, The Hacker News reports.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

Related Terms

BugBuffer OverflowDisassembly

You can skip this ad in 5 seconds