Zero-day Vulnerability in Adobe Reader Confirmed

Software maker Adobe has warned that hackers are actively exploiting a zero-day vulnerability in Adobe Reader and may be using it to attack defence contractors.

The company credited defence contractor Lockheed Martin CIRT for shedding light on the vulnerability, which was used against it in a recent cyber-attack.

Adobe promised to release a patch to plug the hole in the Windows version of Adobe Reader and Acrobat 9 by the end of this week.

"A critical vulnerability has been [found] in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for Unix, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh," Adobe said in a security advisory.

"This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system", the company warned.

Adobe said that, at the moment, hackers were exploiting the vulnerability only in Acrobat 9.x, although it affects all versions of Reader and Acrobat.

The company confirmed that hackers were exploiting the vulnerability in cyber-attacks but did not say how the attacks were carried out or which defence contractors had been targeted.