Hackers target unpatched Adobe Reader, Acrobat flawDecember 15, 2009 – 6:07 AM
Adobe Systems Inc. said Monday it is investigating reports that attackers are exploiting a previously unidentified security hole in its Acrobat and PDF Reader software to break into vulnerable computers.
The acknowledgment coincided with an alert published by the Shadowserver Foundation, a nonprofit group that tracks the spread of malicious programs that criminals use to control infected systems remotely. Shadowserver member Steven Adair said the flaw is present in the most recent versions of Adobe Acrobat and Reader.
Adair warned that security experts have observed cyber crooks using the vulnerability in targeted attacks since at least Dec. 11, but that more widespread attacks are likely to emerge over the next few weeks. In addition, few anti-virus vendors currently detect malicious PDF files harboring this exploit.
At the moment, there is no patch available for this flaw, and Adobe’s brief advisory offers little in the way of mitigation advice.