Still using Adobe Acrobat or Adobe Reader? Maybe it is time to switch to something that's not glowing red on the bad guy radar, or which is more securely coded depending upon how you look at these things. Yes, Adobe has admitted that there is yet another possible zero-day vulnerability in Adobe Acrobat and Reader, oh deep joy.

David Lenoe of Adobe confirms "...Adobe received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild" adding that the company is "currently investigating this issue and assessing the risk to our customers" and "will provide an update as soon as we have more information".

According to Symantec which discovered the vulnerability "the PDF files we discovered arrives as an email attachment. The attack attempts to lure email recipients into opening the attachment. When the file is opened, a malicious file is dropped and run on a fully patched system with either Adobe Reader or Acrobat installed. Symantec products detect the file as Trojan.Pidief.H".

I've said it before and I will say it again: "I just don't get is how month after month, quarter after quarter, year after year, the vulnerabilities just keep piling up". And piling up they are, with reports
seemingly coming thick and fast over the last couple of years.

215 Views
About the Author

A freelance technology journalist for 30 years, I have been a Contributing Editor at PC Pro (one of the best selling computer magazines in the UK) for most of them. As well as currently contributing to Forbes.com, The Times and Sunday Times via Raconteur Special Reports, SC Magazine UK, Digital Health, IT Pro and Infosecurity Magazine, I am also something of a prolific author. My last book, Being Virtual: Who You Really are Online, which was published in 2008 as part of the Science Museum TechKnow Series by John Wiley & Sons. I am also the only three times winner (2006, 2008, 2010) of the BT Information Security Journalist of the Year title, and was humbled to be presented with the ‘Enigma Award’ for a ‘lifetime contribution to information security journalism’ in 2011 despite my life being far from over...