Blog

Target: IT Professionals

Tags: Malware, Vulnerability, Zero-Trust, CVE-2023-26369, Isolation

Adobe has released security updates to address a zero-day vulnerability in Acrobat and Reader, identified as actively exploited in the wild. Though the full scope of these attacks has yet to be disclosed [1], it has been confirmed that the vulnerability affects both Windows and macOS platforms [2].

Interestingly, this vulnerability is easily exploitable by attackers, yet it does not require high-level system permissions. It is, however, confined to local attacks and demands user interaction, as described in its CVSS v3.1 assessment. Adobe has tagged this flaw with the identifier CVE-2023-26369, marking it with the highest urgency. They strongly advise system administrators to install the updates promptly.

It is worth noting that cyber adversaries often target Adobe Portable Document Format (PDF) readers due to the adaptability of the file format and the widespread use of PDF files. Case in point, CVE-2021-21017 leveraged a buffer overflow [3]. This attack happens when a process’s memory area, designed to house dynamic variables (the heap), becomes overloaded. Should a buffer overflow arise, the impacted software typically malfunctions. In the case of this specific vulnerability, it paved the way for attackers to run arbitrary code on compromised systems. Other vulnerabilities in Adobe were exploited successfully in the past.

How to Prevent New Zero-Day Attacks?

A zero-day attack capitalizes on a software vulnerability that remains unknown to those who could remedy it, notably the software’s vendor. Since the flaw remains undisclosed, neither the software users nor its vendor has time to prepare against “zero days” attacks. Once the exploit becomes recognized, it is assigned a CVE number.

The pressing question arises: How can one shield against an unseen threat?

The answer is rooted not in detecting the zero-day attack but in its prevention. This is why we created BUFFERZONE® Safe Workspace™.

BUFFERZONE Safe Workspace™ is a comprehensive defense suite anchored in application isolation technology. This arsenal features the Safe Browser, SafeBridge® (boasting Content Disarm and Reconstruction functions), Safe Mail, and Safe Removable (geared towards thwarting USB-based attacks), all fortified with clipboard security. At its core, the Safe Workspace™ deploys a virtual container constructed by a kernel driver. This container bifurcates the operating system into dual logical realms:

Trusted Zone: A non-isolated region connected to the organization’s resources.

Untrusted Zone: Serving as a protective buffer, this zone enables various applications to operate in isolation, cordoned off from the memory, files, registry, and processes of the trusted zone.

Safe Workspace™ is a reliable solution that allows users to access USB files, email attachments, and downloaded content. It provides a protective virtual container that isolates potential threats from the broader environment, ensuring that malware cannot reach or compromise sensitive organizational data. The virtual container is periodically deleted and rebuilt; detection engines can scrutinize it for added security. By containing potential threats in isolation, BUFFERZONE prevents malicious entities from proliferating within an organization.

References

[1] Sergiu Gatlan, Adobe warns of critical Acrobat and Reader zero-day exploited in attacks, https://www.bleepingcomputer.com/news/security/adobe-warns-of-critical-acrobat-and-reader-zero-day-exploited-in-attacks/

[2] Adobe Security Bulletin, https://helpx.adobe.com/security/products/acrobat/apsb23-34.html

[3] Lindsey O’Donnell , Attackers Exploit Critical Adobe Flaw to Target Windows Users, https://threatpost.com/google-chrome-zero-day-windows-mac/163688/