Skip to main content

Adobe Acknowledges Acrobat Reader Vulnerability

Adobe Systems, the California-based software giant, has initiated an investigation on an unpatched flaw in its Reader and Acrobat software that has reportedly been exploited by hackers to install malicious viruses in vulnerable systems.

The software packages were used to implement several attacks since December 11 and according to reports from security firm Secunia, the hackers were able to successfully install a dubious code in to targeted systems via the zero-day bug which is affecting Adobe Reader and Acrobat 9.2 or below.

The company has posted a blog on its security page which acknowledges the bug and said that it was being looked into. However, a specific date of release of a patch has not been announced.

Shadowserver, a voluntary group of internet security workers, has warned users of the affected software to disable their JavaScript in order to safeguard their systems until Adobe has released a patch for the zero-day bug.

Adobe has experienced these fresh attacks on its software in the light of the release of a patch for its Flash and AIR software that tackled a previously unpatched vulnerability. The company is also planning to release a patch for a zero-day bug for Illustrator on January 8th.

It had released a massive patch bundle for Acrobat applications back in October after having discovered another set of vulnerabilities two months ago.

Our Comments

Acrobat is likely to work overtime to get a patch out for this vulnerability that has already been exploited by cybercriminals. This is particularly pressing as the Christmas holiday period is quickly approaching and you can expect criminals to work overtime during that timeframe.

Related Links

New Adobe zero-day threat discovered (opens in new tab)

(V3)

Adobe owns up to exploit in Reader and Acrobat (opens in new tab)

(PC PRO)

Adobe admits yet another Acrobat flaw (opens in new tab)

(Tech Radar)

Adobe Warns of Reader, Acrobat Attack in the Wild (opens in new tab)

(PC World)

Désiré has been musing and writing about technology during a career spanning four decades. He dabbled in website building and web hosting when DHTML and frames were en vogue and started writing about the impact of technology on society just before the start of the Y2K hysteria at the turn of the last millennium. Following an eight-year stint at ITProPortal.com where he discovered the joys of global tech-fests, Désiré now heads up TechRadar Pro. Previously he was a freelance technology journalist at Incisive Media, Breakthrough Publishing and Vnunet, and Business Magazine. He also launched and hosted the first Tech Radio Show on Radio Plus.