A Russian security company has found a zero-day vulnerability in the latest versions of Adobe's PDF reader software that's fetching between $30K and $50K on the black market.
The exploit, is reportedly being used to install banking malware, is also packaged up in the new version of the Blackhole Exploit Kit, used to distribute the banking Trojans Zeus, Spyeye, Carberp, and Citadel.
That could turn a big problem into a bigger and more widespread one. As it is, notes KrebsonSecurity, Blackhole is currently the most prevalent exploit kit in use.
The security firm, Group-IB announced the vulnerability on Wednesday.
The researchers said that the vulnerability is able to get around the built-in sandboxing protection that Adobe added to its Reader application with the release of version X (version 10) in July, in an attempt to keep potentially malicious PDF files at arm's distance from the operating system by running them in a confined environment.
Andrey Komarov, the Head of International Projects Department at Group-IB, said in the announcement that the vulnerability has great appeal for cybercriminals, given that it's the first time they've found a way to bypass Adobe X's sandbox, which is also built into the latest Adobe Reader XI
Read more: http://nakedsecurity.sophos.com/2012/11/08/adobe-reader-zero-day-exploit-thwarts-sandboxing/
