Adobe Reader struck by zero-day flaw

Secunia warns of attacks in the wild already
Author:
Publish date:
14_adobe184.jpg

Adobe has issued a security update relating to a new zero-day flaw with the popular PDF view Adobe Reader. 

The company warned that Adobe Reader 9.3.4 and earlier versions were affected and that "this vulnerability could cause a crash and potentially allow an attacker to take control of the affected system."

Security firm Secunia issued an "Extremely Critical" advisory which described the flaw as existing in the wild, that is malware exploiting Adobe Reader has already been found. 

The latest vulnerability is the latest in a string of exploits from malware authors which often exploit the face that Adobe Reader is frequently installed on computer systems as a browser plug-in which thereby provides a route to circumvent browser security features.

"Adobe actively shares information about this and other vulnerabilities with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available," they said.

As always, opening PDF files from unknown authors is a risky business.

Related