The PDF’s raw creation date further points to the Anonymous Press Release from yesterday being created in Greece, which happens to be the homeland of a graphic artist with the same name as the pdf’s author field, Alex Tapanaris.
Today, December 10th, Anonymous, an Internet gathering, released a press release which you can read below. In it, a description is provided of what Anonymous is about, what Operation Payback is, and where the media is getting it wrong. Also in it, its author forgot to remove his name in the pdf’s Meta information.
The big news hit earlier this week, the attack vector that allowed bad actors presumably from China into the networks of Google, Juniper, Adobe, and some 30 other firms was an Internet Explorer zero day, a use after free vulnerability on an invalid pointer reference affecting IE 6, 7, and 8 but only used in IE 6 according to Microsoft.
We have previously posted instructions for users to disable JavaScript, giving them the option to enable it only when necessary. However, if you have made the decision to make this change across your enterprise or to a specific user base, this manual process is not practical. Therefore, a Group Policy Object is best to handle the task at hand.
A critical vulnerability was discovered early this week in Adobe Reader and Acrobat versions 9.2 and earlier which could allow attackers to gain control of the affected system, not even a week after Adobe released a critical update for its Flash Player on patch Tuesday last week. The attack uses a weakness in a function called util.printd along with a heap spray implemented with Javascript to attempt to inject shell code.
Today marks the last Microsoft patch Tuesday of 2009, and Microsoft has released patches to six bulletins: MS09-071 – Vulnerabilities in Internet Authentication Service Could Allow Remote Code Execution (974318) MS09-074 – Vulnerability in Microsoft Office Project Could Allow Remote Code Execution (967183) MS09-072 – Cumulative Security Update for Internet Explorer (976325) MS09-069 – Vulnerability [...]
For many users, PDF’s are simply a mechanism for providing documents to read. Given the spate of vulnerabilities identified in Acrobat and Reader in 2009, and the likely promise of more in 2010, we are releasing by request this general instruction for disabling Javascript in Adobe Acrobat. An advisable approach, depending on your usage of these products, may be to disable Javascript and only re-enable when performing an activity with a PDF that requires Javascript be enabled, such as with an eForm.
A new zero-day vulnerability in Adobe Reader and Acrobat 9.1.3 has been identified by Chia-Ching Fang and the Taiwanese Information and Communication Security Technology Service Center that allows an attacker to remotely execute arbitrary code. The attack is seeded by providing via e-mail or download a specially crafted PDF file which in current examples will then drop a malware executable as well as an unaffected pdf file.
