SkyRecon Systems, the premier provider of integrated, proactive endpoint security solutions, today announced that its StormShield Security Suite provides automatic protection for Adobe Reader and Acrobat PDF files which reportedly contain a vulnerability that could lead to unauthorized remote code execution as describe in Adobe Security Bulletin (APSA10-02). This vulnerability is exploitable on nearly any operating system that supports this open document standard and has been reported as being actively exploited in the wild.

On September 8, 2010 Adobe announced the discovery of a new critical vulnerability.  This particular type is known as a ‘Stack Overflow’ and affects nearly all Acrobat and Reader software versions, including the most recent ones. This vulnerability specificity and virulence affects the way it is exploited.  The compromised PDF file contains malicious code able to identify which Reader/Acrobat version is used by the target and to adapt the payload accordingly in order to bypass Microsoft Windows, Macintosh and UNIX environment protections. For example, these unique exploitation methods were able to bypass the most recent Windows Vista and Windows 7 protections, namely DEP (Data Execution Prevention) and ASLR (Address Space Layout Randomization).

While no Adobe security patch has been released yet, SkyRecon ensures that Windows laptops, servers and desktops running StormShield v5.5 lightweight client and StormShield Personal Edition software are automatically protected against this new zero-day attack. “After conducting several tests we have confirmed that our StormShield solution natively blocks the attacks aimed at exploiting the latest Adobe vulnerability,” said Cédric Gilbert, Research Engineer at SkyRecon Systems, Inc. “StormShield’s users can safely download and view secure PDFs while automatically being protected from a PDF that has been compromised and currently in the wild – even before the Adobe patch is made available.”


About SkyRecon Systems Inc.
Founded in 2003, SkyRecon Systems is a visionary global provider of endpoint protection platforms. With its award-winning and analyst-recognized endpoint security solutions, organizations are able to ensure protection and enforce policy for endpoint systems, applications, data and users upon which their business relies. The company is a contributing member of the SecureIT Alliance, has received the prestigious Red Herring 100 Award, and has been named "Entrepreneurial Security Company of the Year” by Frost & Sullivan.  Its StormShield Endpoint Security product received the SC Magazine “Best of 2009” award for Endpoint Security.

****

Press Contact :
Franck Tupinier
MyNticPR
ftupinier@myntic-pr.com
+33.(0)6.74.68.37.93