Categories: Security

New Adobe Zero-Day Vulnerability Discovered

There is another security headache for Adobe, after hackers are reportedly exploiting a new vulnerability in its Reader and Acrobat software, despite the company already working on a fix for another zero-day bug exposed earlier this month.

According to Adobe’s Product Security Incident Response Team blog, the vulnerability impacts Adobe Reader and Acrobat 9.2, and is being exploited in the wild.

“We are currently investigating this issue and assessing the risk to our customers,” the company’s security team said in a blog post.

Adobe began hearing reports of the attack Monday afternoon, but it has been in the wild for nearly a week. The malicious Adobe Acrobat PDF file arrives as an email attachment, and executes when opened. According to Symantec, which detects the malware as Trojan.Pidief.H, the rate of infection at the moment is low.

However researchers with the Shadowserver Foundation, a volunteer security watchdog group, said that could change in the near future.

“We can tell you that this exploit is in the wild and is actively being used by attackers and has been in the wild since at least 11 December, 2009 ,” according to the Shadowserver blog. “However, the number of attacks (is) limited and most likely targeted in nature. Expect the exploit to become more wide spread in the next few weeks and unfortunately potentially become fully public within the same timeframe.”

Both Shadowserver and the SANS Institute propose that users disable JavaScript as a defence if they are concerned about the vulnerability.

In addition to the latest bug, Adobe still has another zero-day to clear off its plate as well. Proof-of-concept exploit code has been circulating the web for a vulnerability in Adobe Illustrator CS4 and CS3 that can be exploited to execute code via a malicious Encapsulated PostScript (.eps) file in Illustrator.

Adobe has said it plans to fix the issue in Illustrator by 8 January.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

US Finalises Billions In Awards To Samsung, Texas Instruments

US finalises $4.7bn award to Samsung Electronics, $1.6bn to Texas Instruments to boost domestic chip…

4 hours ago

OpenAI Starts Testing New ‘Reasoning’ AI Model

OpenAI begins safety testing of new model o3 that uses 'reasoning' process to ensure reliability…

5 hours ago

US ‘Adding Sophgo’ To Blacklist Over Link To Huawei AI Chip

US Commerce Department reportedly adding China's Sophgo to trade blacklist after TSMC-manufactured part found in…

5 hours ago

Amazon Workers Go On Strike Across US

Amazon staff in seven cities across US go on strike after company fails to negotiate,…

6 hours ago

Senators Ask Biden To Extend TikTok Ban Deadline

Two US senators ask president Joe Biden to delay TikTok ban by 90 days after…

6 hours ago

Journalism Group Calls On Apple To Remove AI Feature

Reporters Without Borders calls on Apple to remove AI notification summaries feature after it generates…

7 hours ago