Zero-day vulnerability threatens Adobe users

Adobe investigating possible Reader and Acrobat vulnerabilities

Adobe is investigating possible vulnerabilities in its Reader and Acrobat applications that could allow an attacker to execute malicious code on Windows machines and completely compromise them.

Adobe issued a notification on a blog signaling it's preparing a response regarding claims that its Reader and Acrobat versions 9.2 and earlier are vulnerable to an attack via a malicious PDF. Symantec senior researcher Ben Greenbaum has been in touch with Adobe since Monday on the issue, adding Symantec has updated its security software to defend against this latest threat.
"We were contacted by a researcher who discovered the attack being exploited in the wild," Greenbaum says. "It's mostly targeted e-mail.”

The attack would include the malicious PDF as an e-mail attachment to the victim, and the malicious code would execute on any unprotected Windows machine when the recipient clicked on it.

To continue reading, register here and become an Insider. You'll get free access to premium content from CIO, Computerworld, CSO, InfoWorld, and Network World. See more Insider content or sign in.

Adobe is investigating possible vulnerabilities in its Reader and Acrobat applications that could allow an attacker to execute malicious code on Windows machines and completely compromise them.

Adobe issued a notification on a blog signaling it's preparing a response regarding claims that its Reader and Acrobat versions 9.2 and earlier are vulnerable to an attack via a malicious PDF. Symantec senior researcher Ben Greenbaum has been in touch with Adobe since Monday on the issue, adding Symantec has updated its security software to defend against this latest threat.
"We were contacted by a researcher who discovered the attack being exploited in the wild," Greenbaum says. "It's mostly targeted e-mail.”

The attack would include the malicious PDF as an e-mail attachment to the victim, and the malicious code would execute on any unprotected Windows machine when the recipient clicked on it.

3 basic steps to avoid joining a botnet 

A successful attack could entirely compromise the victim's machine, and it's likely this is being used to try and spread botnet code, Greenbaum notes. He adds that there are other possible methods that could be used to disseminate the malicious PDF attack code, including downloading the code from the Internet.

Adobe Tuesday indicated it will make statements related to Adobe Reader and Adobe Acrobat and this latest threat at its security information alert blog.

Read more about security in Network World's Security section.