The zero-day flaw allows hackers to break into systems using Adobe Reader and Acrobat, by using malicious PDF files. Adobe officials say a fix for the issue will be available for Adobe Reader and Adobe Acrobat in the coming weeks.
Fixes to deal with the unpatched bug in Adobe Reader 9 and Acrobat 9 are planned for 11th March, and updates for earlier versions will come later, company officials said.
The bug is due to an error in the parsing of certain structures in PDF files. If exploited successfully, it could allow a hacker to take complete control of a vulnerable system.
“In parsing a specially-crafted embedded object, a bug in the reader allowed the attacker to overwrite memory at an arbitrary location,” blogged McAfee researcher Geok Meng Ong. “The attacks, found in the field, use the infamous heap spray method via JavaScript to achieve control of code execution.”
“While the distribution of this exploit thus far appears to be targeted, new variants are expected as more information is made public,” the researcher continued. “As with the Conficker experience, the lack of good patch management is a very worrying trend that deserves more attention from IT security practitioners. Adobe is expected to release a patch very soon.”
In the meantime, security researchers at the Shadowserver Foundation recommend users consider disabling JavaScript. Symantec also recommended Adobe users keep their antivirus up-to-date.
“While we continue to investigate this issue, customers are advised to follow best practices and only open email attachments from people they trust,” blogged Symantec researcher Patrick Fitzgerald. “Enabling DEP (Data Execution Prevention) for Adobe Reader will also help prevent this type of attack.”
Thoma Bravo agrees to acquire Darktrace for $5.32 billion in cash, delivering some welcome news…
Customer adoption of AI services embedded in cloud services continues to deliver results for Microsoft,…
TikTok's 'secret source' algorithm is so core to ByteDance, it would rather shut down US…
After relocating from California to Texas in 2020, Oracle's Larry Ellison now reveals plan to…
Share price hit after Meta admits heavy AI spending plans, after posting strong first quarter…
For third time Google delays phase-out of third-party Chrome cookies after pushback from industry and…