Adobe owns up to exploit in Reader and Acrobat

 

Gallery

By Barry Collins

Posted on 15 Dec 2009 at 10:30

Adobe has admitted its Reader and Acrobat software is being targeted by a zero-day exploit.

In a statement issued by its Product Security Incident Response Team, Adobe says it has "received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild. We are currently investigating this issue and assessing the risk to our customers. We will provide an update as soon as we have more information."

Security firm Symantec claims to have verified the vulnerability, and offers a little more detail on how the Trojan works. "The malicious Adobe Acrobat PDF file is distributed in the form of an email attachment which drops and executes when opened on a fully patched system with either Adobe Acrobat or Reader installed," the company claims.

Symantec adds that the rate of infection is "extremely limited" and the exploit is ranked as "very low risk".

A report issued earlier this year by Microsoft claimed that Adobe's products had become a greater security risk than its own.

Adobe has subsequently launched quarterly security updates for its products, which are timed to coincide with Microsoft's Patch Tuesday.