|Network Security Consulting SecurityFocus Article
Limited Attacks Target Adobe Acrobat
Security firms and research groups warned on Monday that attackers are using a previously unknown flaw in Adobe Acrobat and Reader to level attacks against a limited number of targets.
Other security researchers warned of the seriousness of the flaw.
"We did not discover this vulnerability but have received multiple reports of this issue and have examined multiple different copies of malicious PDFs that exploit this issue," Steven Adair, a member of the ShadowServer Foundation, a malicious-code research group, wrote in a blog post. "This is legit and is very bad."
The exploit has been in the wild since at least Friday, December 11, Adair stated.
Vulnerabilities in Adobe's Acrobat, Reader and Flash product are serious issues because the software is used on nearly every system connected to the Internet. The software company patched seven serious vulnerabilities in its Flash player earlier this month in its regularly scheduled update.
"Until a patch become available, users can keep themselves safe by following best practices, such as not opening attachment from people you don't know," said Ben Greenbaum, a senior research manager with Symantec Security Response.
If you have tips or insights on this topic, please contact SecurityFocus.
Posted by: Robert Lemos