WARNING: new Adobe zero-day vulnerability in the wild

happygeek 0 Tallied Votes 374 Views Share

Still using Adobe Acrobat or Adobe Reader? Maybe it is time to switch to something that's not glowing red on the bad guy radar, or which is more securely coded depending upon how you look at these things. Yes, Adobe has admitted that there is yet another possible zero-day vulnerability in Adobe Acrobat and Reader, oh deep joy.

David Lenoe of Adobe confirms "...Adobe received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild" adding that the company is "currently investigating this issue and assessing the risk to our customers" and "will provide an update as soon as we have more information".

According to Symantec which discovered the vulnerability "the PDF files we discovered arrives as an email attachment. The attack attempts to lure email recipients into opening the attachment. When the file is opened, a malicious file is dropped and run on a fully patched system with either Adobe Reader or Acrobat installed. Symantec products detect the file as Trojan.Pidief.H".

I've said it before and I will say it again: "I just don't get is how month after month, quarter after quarter, year after year, the vulnerabilities just keep piling up". And piling up they are, with reports
seemingly coming thick and fast over the last couple of years.