Thursday, April 30, 2009

Update on Adobe JBIG2 0-Day from February

The video below from Matthew Watchinski of SourceFire VRT offers some interesting information on the events surrounding the Adobe JBIG2 0-Day from February

If you have a few moments (and you are a complete geek) you might find it interesting.

Notable from the presentation:

  • JBIG2 vulnerability sold on the black market on Jan 1st to a buyer in China for $75K
  • first exploit related to this vuln was observed in the wild on January 11th
  • ShadowServer crew posted their notification on February 19th
  • Adobe knew about it before but sat on it and did nothing
  • exploit was used in the wild for approx a month before it became public
  • All pdf readers including Foxit and Mac OSX Preview were vulnerable to this exploit
  • All of the risk mediation that we were told at the time concerning the 0-day proved to be wrong
  • PDF vulnerabilities are easy to find
  • PDF vulnerabilities are highly sought after in the darker corners of the internet