Tuesday, April 13, 2010

Malicious PDFs utilizing Launch Action Now Seen in the WILD!

Via sudosecure.net -

We all knew it was coming, so I doubt anyone is going to be shocked to learn that SophosLabs is reporting they have now seen the first instance of a malicious PDF file utilizing the Launch action. Paul from SophosLabs did a short blog posting found here: Troj/PDFEx-DF: SophosLabs sees malware exploiting /Launch. Now my only question concerning this instance is whether or not the malicious PDF file contained the logic or feature set to perform incremental updates on other PDF files. Adobe will be releasing their official patch for the Launch action tomorrow, but from all that I can tell it will not address the incremental update issue at all.


This article was from yesterday, Adobe patches are expected to be released today.

No comments:

Post a Comment