
New PDF Zero Day exploit found - Update your software people

Discussion in 'BlackHat Lounge' started by G-S-T, Feb 15, 2013.

  1. G-S-T

    Last edited: Feb 15, 2013
  2. G-S-T

    "This is the first seen-in-the-wild exploit combining multiple zero-day vulnerabilities to bypass ASLR and the sandbox," Bekrar says, and "it's a typical offensive exploit used by law enforcement agencies to track and infect criminals' computers and investigate their illegal activities."

    WTF
  3. jazzc

    I don't know about the sandbox, but bypassing ASLR doesn't require any kind of 0 day. ASLR just raises the difficulty bar and makes some bugs non-exploitable.

    There is a market for 0-day exploits with a few firms acting as middle agents and it makes sense that a government agency has a big enough pocket to get them :)
  4. s0ap

    I haven't read the CVEs but I am not entirely sure how ASLR relates to this exploit unless it is how they are breaking out of the sandbox. The author just kind of dropped it in the middle of the article.

    In any case using something like Evince is a lot more lightweight than Acrobat and is generally not susceptible to the same attack vectors, nor does it have the ability to execute Javascript IIRC.
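The point raised above about readers that can or cannot run JavaScript suggests a simple defensive triage step: before opening an untrusted PDF, check whether it carries active content at all. The scanner below is an added example written for this page, not code from any poster or from a real tool. It looks for the PDF name objects that mark scripts and auto-execute actions (/JavaScript, /JS, /OpenAction, /AA, /Launch, /EmbeddedFile, /RichMedia) and resolves the #xx hex escapes that the PDF syntax allows inside names, so a spelling like /Java#53cript is still recognised. The two PDFs embedded in the block are hand-constructed fixtures, one with an /OpenAction that points at a JavaScript action and one without.

```python
import re

# Constructed fixture: a minimal PDF whose catalog auto-runs a JavaScript action.
# The action name is written as /Java#53cript to exercise the hex-escape handling.
# This is a hand-made test input for the scanner, not a real document.
SAMPLE_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R /OpenAction 4 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
4 0 obj << /S /Java#53cript /JS (app.alert(1)) >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# Constructed fixture: the same skeleton with no actions or scripts.
CLEAN_PDF = b"""%PDF-1.4
1 0 obj << /Type /Catalog /Pages 2 0 R >> endobj
2 0 obj << /Type /Pages /Kids [3 0 R] /Count 1 >> endobj
3 0 obj << /Type /Page /Parent 2 0 R >> endobj
trailer << /Root 1 0 R >>
%%EOF
"""

# PDF name objects that indicate scripts, auto-execution or embedded payloads.
SUSPICIOUS_NAMES = (
    "/JavaScript", "/JS", "/OpenAction", "/AA",
    "/Launch", "/EmbeddedFile", "/RichMedia",
)

# A name token runs from '/' up to the next whitespace or delimiter character.
NAME_TOKEN = re.compile(rb"/[^\s/\[\]<>(){}%]+")


def _decode_name(token: bytes) -> str:
    """Resolve #xx hex escapes inside a PDF name, e.g. /Java#53cript -> /JavaScript."""
    decoded = re.sub(
        rb"#([0-9A-Fa-f]{2})",
        lambda m: bytes([int(m.group(1), 16)]),
        token,
    )
    return decoded.decode("latin-1")


def scan_pdf(data: bytes) -> dict:
    """Count suspicious name objects in raw PDF bytes after resolving #xx escapes.

    Only names in uncompressed object dictionaries are visible here; objects
    hidden inside FlateDecode object streams would need to be inflated first.
    """
    counts = {name: 0 for name in SUSPICIOUS_NAMES}
    for match in NAME_TOKEN.finditer(data):
        name = _decode_name(match.group(0))
        if name in counts:
            counts[name] += 1
    # Report only the indicators that actually occurred.
    return {name: n for name, n in counts.items() if n}


def is_suspicious(data: bytes) -> bool:
    """True when the PDF contains any script or auto-execute indicator."""
    return bool(scan_pdf(data))


if __name__ == "__main__":
    for label, pdf in (("sample", SAMPLE_PDF), ("clean", CLEAN_PDF)):
        print(label, scan_pdf(pdf), "suspicious" if is_suspicious(pdf) else "no indicators")
```

The hex-escape step is the part a plain grep misses; the same idea applies to names split across object streams, which is why a hit of zero should be read as "nothing visible in the uncompressed layer" rather than "safe".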