Cyber-Attack Dodges Sandbox to Hit Adobe Reader, Windows XP
A technical analysis shows that a cyber-attack currently hitting systems in the wild is using two separate vulnerabilities to break out of the Adobe sandbox to infect Windows systems.

A cyber-attack currently hitting systems on the Internet uses two vulnerabilities—one in Adobe Reader and another in Windows—to compromise Windows XP and 2003 systems and download code, according to a technical analysis of the attack published by security firm Trustwave on Dec. 11.

The attack, first detected by threat-protection firm FireEye in late November, uses a software flaw to escape from the security container, also known as the sandbox, which was implemented by Adobe to protect users of its software. A second part of the attack exploits a still-unpatched vulnerability in Windows XP and Windows 2003 to gain greater privileges so the attacker can install code on the compromised machine and take control of it.

While attacks that chain together several exploits—especially those that incorporate a privilege escalation—are not uncommon, the technique shows that these particular attackers are skilled, Ziv Mador, director of security research for Trustwave, told eWEEK.

"It shows the very high sophistication of the people who identified these vulnerabilities and turned them into attacks," he said. "It shows that they are highly technical to find vulnerabilities in different products and combine them into a reliable exploit."
Attackers continue to use more sophisticated techniques to get around defensive technologies put in place by operating system vendors and software developers. Microsoft incorporates techniques such as Data Execution Prevention (DEP) and address space layout randomization (ASLR) to make exploitation of software flaws more difficult and less reliable.