Security Protection – Harry Waldron MVP Rotating Header Image

Adobe PDF Security – First exploit to compromise Sandbox security controls

McAfee Labs shares an interesting and in-depth article on the first exploit to bypass sandbox controls added in version 10 and higher for Adobe.  Adobe users will greatly improve their security by being on the latest version, as active attacks are circulating for version 9 or lower.

http://blogs.mcafee.com/mcafee-labs/analyzing-the-first-rop-only-sandbox-escaping-pdf-exploit

http://blogs.mcafee.com/mcafee-labs/digging-into-the-sandbox-escape-technique-of-the-recent-pdf-exploit

http://blogs.mcafee.com/mcafee-labs/adobe-flash-zero-day-attack-uses-advanced-exploitation-technique

QUOTE: As promised in our previous blog entry for the recent Adobe Reader PDF zero-day attack, we now offer more technical details on this Reader “sandbox-escape” plan. In order to help readers understand what’s going on there, we first need to provide some background.  The Adobe Reader sandbox consists of two processes: a high-privilege broker process and a sandboxed renderer process; the latter is responsible for rendering the PDF document.  Adobe has now released the official patch for these critical vulnerabilities. As always, we strongly suggest that users apply the patch as soon as possible

Comments are closed.