Attackers are actively exploiting a gaping zero-day hole in versions 9 and earlier of Adobe Acrobat and Reader, the company has warned.
Adobe said Thursday that successful exploitation of the buffer overflow flaw could cause the application to crash and permit an attacker to take control of an affected system. The company said it plans to issue a patch by March 11 for version 9, and updates for versions 7 and 8 are scheduled to arrive soon after.
Researcher Steven Adair of the Shadowserver Foundation, a volunteer internet watchdog, recently tested a sample of the malicious PDF
he wrote Thursday.
"Right now, we believe these files are only being used in a smaller set of targeted attacks," Adair wrote. "However, these types of attacks are frequently the most damaging and it is only a matter of time before this exploit ends up in every exploit pack on the internet."
Shadowserver founder and director André De Mino told SCMagazineUS.com on Friday that users often are easily tricked into opening PDF files.
Adobe said it is working with the major anti-virus providers so they can provide updated signatures for their customers.