New Adobe Reader, Acrobat Vulnerability Under Attack

Attackers are exploiting a new vulnerability affecting Adobe Systems’ Reader and Acrobat software in what are reportedly targeted attacks.

According to Adobe’s Product Security Incident Response Team blog, the vulnerability impacts Adobe Reader and Acrobat 9.2, and is being exploited in the wild.

"We are currently investigating this issue and assessing the risk to our customers,” the company’s security team said in a blog post.

Adobe began hearing reports of the attack Monday afternoon, but it has been in the wild for nearly a week. The malicious Adobe Acrobat PDF file arrives as an e-mail attachment, and executes when opened. According to Symantec, which detects the malware as Trojan.Pidief.H, the rate of infection at the moment is low.

However, researchers with the Shadowserver Foundation, a volunteer security watchdog group, said that could change in the near future.

“We can tell you that this exploit is in the wild and is actively being used by attackers and has been in the wild since at least December 11, 2009,” according to the Shadowserver blog. “However, the number of attacks [is] limited and most likely targeted in nature. Expect the exploit to become more widespread in the next few weeks and unfortunately potentially become fully public within the same timeframe.”

Both Shadowserver and the SANS Institute propose that users disable JavaScript as a defense if they are concerned about the vulnerability.

In addition to the latest bug, Adobe still has another zero-day to clear off its plate as well. Earlier this year, proof-of-concept exploit code began circulating the Web for a vulnerability in Adobe Illustrator CS4 and CS3 that can be exploited to execute code via a malicious Encapsulated PostScript (.eps) file in Illustrator. Adobe has said it plans to fix the issue in Illustrator by Jan. 8.