Earlier today, we received a tip from a source that there is a possible Adobe Reader and Acrobat 0-day vulnerability in the wild. We have indeed confirmed the existence of a 0-day vulnerability in these products. The PDF files we discovered arrive as email attachments. The attack attempts to lure email recipients into opening the attachment. When the file is opened, a malicious file is dropped and run on a fully patched system with either Adobe Reader or Acrobat installed. Symantec products detect the file as Trojan.Pidief.H.
We have reported our findings to Adobe, who have acknowledged the vulnerability in this blog.
The analysis is still ongoing, so more details will follow. In the meantime, I recommend that everyone be extra vigilant during this holiday season, especially when receiving emails from an unknown person.