
CVE-2014-0546 used in targeted attacks – Adobe Reader Update

CVE-2014-0546 used in targeted attacks.

Today Adobe released the security bulletin APSB14-19, crediting Kaspersky Lab for reporting CVE-2014-0546.

This out-of-band patch fixes a rather creative sandbox escape technique that we observed in a very limited number of targeted attacks.


At the moment, we are not providing any details on these attacks, as the investigation is still ongoing. Although these attacks are very rare, to stay on the safe side we recommend that everyone get the update from the Adobe site as soon as possible.

You can grab the Adobe Reader updates here.


  1. Lars Groh

    I’m afraid I don’t quite get the “out of band” part – after all it’s Adobe Patch Tuesday.

    Confused,
    Lars

  2. Costin Raiu

    This was indeed an out-of-band update. Updates for Reader and Acrobat (!) are shipped quarterly (the next regularly scheduled update is September). Adobe felt this was an important issue and decided to issue an out-of-band patch.

    Thanks,
    C

  3. Amy Smith

    I recently purchased a new laptop that didn’t come with Adobe Reader. The first time I downloaded it I got some kind of virus that was attached to my browser and changed all my browser (at the time Mozilla Firefox) settings, changed my search engine to something I’d never heard of. It took me a while to figure out what happened and figure out how to correct it but Kaspersky didn’t prevent it from happening or warn me that it had happened.

    I waited about 6 weeks before attempting to download Adobe Reader again, and with that download ended up with a Trojan virus. Kaspersky caught it immediately, cleaned it up, quarantined it, etc. and I deleted Adobe from my computer. I downloaded it again the next day and the very same thing happened. I’m pretty sure the most recent, patched, free version is what I downloaded from Adobe’s site. So whatever the problem is – it’s not fixed. If it’s known that this is happening perhaps Adobe should stop allowing people to download the free version until the problem is fixed. That’s an entire day of wasted productivity when you have to stop everything you’re doing and clean up that mess.

  4. Lars Groh

    Got it – thanks for clarification.
    L.

  5. David

    Can it be indicated whether this exploit is effective with JavaScript and all other active content features disabled?

    Does EMET 5.0 mitigate it?

  6. David

    Also, independent of EMET and disabled-JavaScript, does AcroRdr32 version 11 “protected mode” mitigate this attack? Though XP is no longer supported, does the lack of ASLR and often DEP on that platform allow exploitation of AcroRdr32 in protected-mode?

  7. manish sardiwal

    Thanks for clarification.
    If you can provide md5 for the same.

    Thank you.

  8. Pam

    What about Adobe Flash Player and ActiveX and AIR – do they need updating to a certain level? I have been having problems with adware which is supposed to be the ‘legal’ type. Kaspersky is sorting it when I run a scan but yesterday I had 16 hits.
