October 4, 2013 | By Dana Tamir

In an important announcement yesterday, Adobe notified customers that its network had been breached. During this Adobe breach, the attackers illegally accessed information relating to 2.9 million Adobe customers and source code for numerous Adobe products. According to Adobe:

“Our investigation currently indicates that the attackers accessed Adobe customer IDs and encrypted passwords on our systems. We also believe the attackers removed from our systems certain information relating to 2.9 million Adobe customers, including customer names, encrypted credit or debit card numbers, expiration dates and other information relating to customer orders.”

The announcement doesn’t provide many details, but Adobe Acrobat may have been one of the compromised products, according to Brian Krebs, author of Krebs on Security, who conducted an interview with Adobe’s Chief Security Officer Brad Arkin.

“Arkin said Adobe is still in the process of determining what source code for other products may have been accessed by the attackers and conceded that Adobe Acrobat may have been among the products the bad guys touched,” Krebs wrote.

Risks of the Adobe Breach

The Adobe breach puts organizations and users at significant risk. If the source code for Adobe Reader or other widely deployed Adobe applications was stolen, attackers can now audit that code for unknown vulnerabilities far more conveniently than by reverse-engineering or fuzzing the shipped binaries, and develop exploit code for whatever they find. Expect an increase in new zero-day exploits against these products over the coming months.

Zero-day exploits are the payload of choice for drive-by downloads and weaponized documents. They are very effective because signature-based security solutions have never seen the exploit before and therefore do not block it, and because no patch exists yet for a vulnerability the vendor does not know about. Attackers hide zero-day exploit code inside a PDF document or other content such as a Flash animation to create weaponized content, then deliver it to the targeted user in a carefully crafted spear-phishing email. When the user opens the attachment or views the animation, the code exploits the vulnerability and silently downloads malware onto the user's machine; the user sees nothing unusual. That malware, often a Remote Access Trojan (RAT), lets the attacker read sensitive data or take full control of the machine.
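The weaponized-content step above is where a mail gateway or analyst can still intervene before the exploit ever runs: a PDF that carries active content (JavaScript, launch actions, embedded files, rich media) and arranges for it to fire on open looks different from a plain document, even when the exploit itself is unknown. The scanner below is an added example, not code from the original article or from Adobe; it does static triage of a PDF byte string, resolves the `#xx` name escapes attackers use to hide keywords from naive greps, inflates FlateDecode streams so dictionaries tucked into object streams are seen too, and grades the result. The two sample PDFs are constructed for the example (simplified structure, harmless `app.alert` payload) and are meant to exercise the scanner, not to open in a viewer.

```python
"""Static triage of a PDF attachment for active-content features (added example)."""
import json
import re
import zlib

# Dictionary keys (PDF 32000-1:2008) whose presence means the document can do
# more than display text. None of them is malicious on its own.
RISKY_NAMES = {
    b"/JavaScript": "embedded JavaScript",
    b"/JS": "JavaScript action body",
    b"/OpenAction": "action run automatically when the document is opened",
    b"/AA": "additional actions (page open, mouse events, form events)",
    b"/Launch": "launch action: asks the viewer to run an external program",
    b"/EmbeddedFile": "embedded file (a common carrier for a dropped payload)",
    b"/RichMedia": "rich media annotation (Flash content rendered inside the PDF)",
    b"/ObjStm": "object stream (dictionaries hidden inside a compressed stream)",
}
AUTO_EXEC = {"/OpenAction", "/AA"}
ACTIVE = {"/JavaScript", "/JS", "/Launch", "/EmbeddedFile", "/RichMedia"}

_HEX_ESCAPE = re.compile(rb"#([0-9A-Fa-f]{2})")
_STREAM_BODY = re.compile(rb"stream\r?\n(.*?)\nendstream", re.DOTALL)


def normalize_names(data: bytes) -> bytes:
    """Resolve #xx escapes so an obfuscated /J#61vaScript reads as /JavaScript."""
    return _HEX_ESCAPE.sub(lambda m: bytes.fromhex(m.group(1).decode()), data)


def inflate_streams(data: bytes) -> list[bytes]:
    """Inflate every stream body that is zlib (FlateDecode) data; skip the rest."""
    out = []
    for m in _STREAM_BODY.finditer(data):
        try:
            # decompressobj tolerates a trailing CR or other junk after the zlib data
            blob = zlib.decompressobj().decompress(m.group(1))
        except zlib.error:
            continue  # not Flate-compressed (image data, plain text, ...)
        if blob:
            out.append(blob)
    return out


def scan_pdf(data: bytes) -> dict:
    """Count risky names in the raw file and inside each inflatable stream."""
    layers = [("file", normalize_names(data))]
    layers += [(f"stream{i}", normalize_names(s)) for i, s in enumerate(inflate_streams(data))]
    findings = {}
    for where, blob in layers:
        for name, desc in RISKY_NAMES.items():
            # whole-token match: /JS must not match /JSX, /AA must not match /AAPL
            n = len(re.findall(re.escape(name) + rb"(?![0-9A-Za-z])", blob))
            if n:
                entry = findings.setdefault(name.decode(), {"description": desc, "count": 0, "where": []})
                entry["count"] += n
                entry["where"].append(where)
    found = set(findings)
    if found & ACTIVE and found & AUTO_EXEC:
        verdict = "high"    # active content that fires without user interaction
    elif found & ACTIVE:
        verdict = "medium"  # active content present, needs a click or an event
    else:
        verdict = "low"
    return {
        "verdict": verdict,
        "findings": findings,
        "structure": {
            # Reader tolerates junk before the header; a large offset is itself a signal
            "header_offset": data[:1024].find(b"%PDF-"),
            "has_eof": b"%%EOF" in data,
            "inflated_streams": len(layers) - 1,
        },
    }


# ---- constructed samples for this example (not real malware) ----
BENIGN_PDF = b"".join([
    b"%PDF-1.4\n",
    b"1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj\n",
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n",
    b"trailer << /Root 1 0 R >>\n%%EOF\n",
])

# The action dictionary sits in a Flate-compressed object stream and its
# /JavaScript name is hex-escaped, so `grep JavaScript` on the file finds nothing.
_HIDDEN = b"4 0 obj << /S /J#61vaScript /JS (app.alert('constructed sample')) >> endobj"
_PACKED = zlib.compress(_HIDDEN)
WEAPONIZED_PDF = b"".join([
    b"%PDF-1.5\n",
    b"1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj\n",
    b"2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj\n",
    b"3 0 obj << /Type /Page /Parent 2 0 R >> endobj\n",
    b"5 0 obj << /Type /ObjStm /Filter /FlateDecode /Length %d >>\n" % len(_PACKED),
    b"stream\n", _PACKED, b"\nendstream\nendobj\n",
    b"trailer << /Root 1 0 R >>\n%%EOF\n",
])

if __name__ == "__main__":
    for label, pdf in (("benign", BENIGN_PDF), ("weaponized", WEAPONIZED_PDF)):
        print(label, json.dumps(scan_pdf(pdf), indent=2))
```

On the weaponized sample the raw-file layer only reports `/OpenAction` and `/ObjStm`; the `/JavaScript` and `/JS` keys surface only after the object stream is inflated and the hex escape is resolved, which is exactly the pair of tricks that defeats a keyword filter on the raw bytes. A high verdict is a reason to detonate the file in a sandbox or strip it at the gateway, not proof of an exploit: forms and interactive documents legitimately use these features, so tune the verdict thresholds to what your organization actually receives.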

In many cases, the targeted user is an employee of a targeted organization. By compromising that user's machine, the attacker gains a foothold inside the organization's network and can move on from there to progress the attack and breach the organization. Because Adobe products are so widely installed, they have become a popular way to compromise employee endpoints in Advanced Persistent Threat (APT) campaigns and other targeted attacks. Users receive PDF attachments and Flash movies every day and open them without a second thought, which is why exploiting vulnerabilities in these applications succeeds so often and puts so many organizations at risk.

Adobe is planning to release security updates on Tuesday, Oct. 8, 2013, and we recommend that users deploy them as soon as possible. Keep in mind that a patch only closes the vulnerabilities Adobe already knows about; an exploit for a bug found by reading the stolen source code has no patch until someone else finds the same bug. Organizations concerned about zero-day exploits should therefore consider exploit prevention technologies that block the exploitation technique itself rather than matching a known signature, and should not rely on signature-based detection alone.
