New zero-day exploit circumvents Adobe Reader's Protected Mode

Crashed Terminal

Cybercrime investigation company Group-IB has discovered a zero-day Adobe Reader X and XI exploit that is immune to the program's new Protected Mode. Announced in July, Reader's sandboxing capabilities add an extra layer of defense by securing malicious code found in PDFs and restricting what kinds of actions these files can execute. As explained by IDG, the exploit is not affected by the program's Protected Mode and can be launched even if Javascript support is disabled — many Reader exploits rely on Javascript code embedded into PDF files. Firefox and Internet Explorer users are potential victims, while Chrome's added built-in security causes the code to fail. Group-IB has identified the vulnerability as being part of the "Blackhole Exploit-Kit," a tool that is utilized to deploy banking Trojans.

The exploit — which is currently being sold on the black market for $30,000 to $50,000 — has been submitted to Adobe's Product Security Incident Response Team, although the company has yet to deliver a response or issue a fix. The mere existence of the vulnerability questions the effectiveness of the app's highly-touted preventative measure — but should the exploit be verified, Adobe will likely issue a prompt emergency update to Reader.

The Verge
Log In Sign Up

Log In Sign Up

Forgot password?

We'll email you a reset link.

If you signed up using a 3rd party account like Facebook or Twitter, please login with it instead.

Forgot password?

Try another email?

Almost done,

By becoming a registered user, you are also agreeing to our Terms and confirming that you have read our Privacy Policy.



Choose an available username to complete sign up.

In order to provide our users with a better overall experience, we ask for more information from Facebook when using it to login so that we can learn more about our audience and provide you with the best possible experience. We do not store specific user data and the sharing of it is not required to login with Facebook.