Categories: Security

New Adobe Zero-Day Vulnerability Discovered

There is another security headache for Adobe, after hackers are reportedly exploiting a new vulnerability in its Reader and Acrobat software, despite the company already working on a fix for another zero-day bug exposed earlier this month.

According to Adobe’s Product Security Incident Response Team blog, the vulnerability impacts Adobe Reader and Acrobat 9.2, and is being exploited in the wild.

“We are currently investigating this issue and assessing the risk to our customers,” the company’s security team said in a blog post.

Adobe began hearing reports of the attack Monday afternoon, but it has been in the wild for nearly a week. The malicious Adobe Acrobat PDF file arrives as an email attachment, and executes when opened. According to Symantec, which detects the malware as Trojan.Pidief.H, the rate of infection at the moment is low.

However researchers with the Shadowserver Foundation, a volunteer security watchdog group, said that could change in the near future.

“We can tell you that this exploit is in the wild and is actively being used by attackers and has been in the wild since at least 11 December, 2009 ,” according to the Shadowserver blog. “However, the number of attacks (is) limited and most likely targeted in nature. Expect the exploit to become more wide spread in the next few weeks and unfortunately potentially become fully public within the same timeframe.”

Both Shadowserver and the SANS Institute propose that users disable JavaScript as a defence if they are concerned about the vulnerability.

In addition to the latest bug, Adobe still has another zero-day to clear off its plate as well. Proof-of-concept exploit code has been circulating the web for a vulnerability in Adobe Illustrator CS4 and CS3 that can be exploited to execute code via a malicious Encapsulated PostScript (.eps) file in Illustrator.

Adobe has said it plans to fix the issue in Illustrator by 8 January.

Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Share
Published by
Brian Prince eWEEK USA 2014. Ziff Davis Enterprise Inc. All Rights Reserved

Recent Posts

Northvolt Mulls US Bankruptcy Protection – Report

Troubled battery maker Northvolt reportedly considers Chapter 11 bankruptcy protection in the United States as…

16 hours ago

FTC Plans Investigation Into Microsoft Cloud Business – Report

Microsoft's cloud business practices are reportedly facing a potential anti-competitive investigation by the FTC

18 hours ago

Programmer Sentenced To Five Years In Prison For Bitcoin Laundering

Ilya Lichtenstein sentenced to five years in prison for hacking into a virtual currency exchange…

20 hours ago

Hate Speech Watchdog CCDH To Quit Musk’s X

Target for Elon Musk's lawsuit, hate speech watchdog CCDH, announces its decision to quit X…

2 days ago

Meta Fined €798m Over Alleged Facebook Marketplace Violations

Antitrust penalty. European Commission fines Meta a hefty €798m ($843m) for tying Facebook Marketplace to…

2 days ago

Elon Musk Rebuked By Italian President Over Migration Tweets

Elon Musk continues to provoke the ire of various leaders around the world with his…

2 days ago