Adobe Acknowledges Acrobat Reader Vulnerability

Adobe Systems, the California-based software giant, has opened an investigation into an unpatched flaw in its Reader and Acrobat software that has reportedly been exploited by hackers to install malicious code on vulnerable systems.

The software packages have been used in several attacks since December 11. According to reports from security firm Secunia, the hackers were able to install malicious code on targeted systems via the zero-day bug, which affects Adobe Reader and Acrobat 9.2 or below.

The company has posted a blog entry on its security page acknowledging the bug and saying that it is being looked into. However, no specific release date for a patch has been announced.

Shadowserver, a volunteer group of internet security workers, has advised users of the affected software to disable JavaScript to safeguard their systems until Adobe releases a patch for the zero-day bug.

These fresh attacks on Adobe's software follow the release of a patch for its Flash and AIR software that tackled a previously unpatched vulnerability. The company is also planning to release a patch for a zero-day bug in Illustrator on January 8th.

It released a massive patch bundle for Acrobat applications back in October after discovering another set of vulnerabilities two months ago.

Our Comments

Acrobat is likely to work overtime to get a patch out for this vulnerability that has already been exploited by cybercriminals. This is particularly pressing as the Christmas holiday period is quickly approaching and you can expect criminals to work overtime during that timeframe.
