Just when you thought you were out of the woods, one of the most vital of all tools necessary for getting your work orders has now possibly become infected by the Zero Day Exploit! You know, we did an article on Zero Day and the fact that it is tolerated by both law enforcement and government officials and there is actually a grey market for the sales. The problem is that now the market cannot …be controlled. Computerworld is reporting that Adobe is looking into the fact that even the Sandbox Environment may be suspect.
A successful exploit against a sandboxed program would have to leverage multiple vulnerabilities, including one that allows the exploit to escape from the sandbox. Such sandbox bypass vulnerabilities are rare, because the code that implements the actual sandbox is usually carefully reviewed and is fairly small in length compared to the program’s overall codebase that could contain vulnerabilities.
FireEye is, as well, reporting on the fact and they are remaining silent as to the specific details while working with Adobe on a counter measure. In essence, all we can do is take a wait and see approach. We generally scrub our systems nightly which use W*ndows and our production systems use Linux (Ubuntu) which are not impacted. For more information, feel free to reach out to us and we will walk you through the protocols.