Updated Tuesday, June 24 at 4:07 p.m. ESTAdobe
has updated its Reader and Acrobat products to shore up a major vulnerability that already is being exploited in the wild, the company said.
An Adobe advisory
input validation issue. If exploited, the bug could permit remote code execution.
Andrew Storms, director of security operations at vendor nCircle, said on Tuesday that Adobe this year already has patched at least one other
might be on the track to be more secure, while Adobe Acrobat is going in the opposite direction."
An Adobe spokesman did not disagree but downplayed any outbreak.
Storms said Adobe released few details about this latest vulnerability, probably to ward off the potential for further exploits. Adobe said in its advisory that is has received reports of exploits appearing in the wild.
Jason Lam, a senior security analyst at a Canada-based financial institution and a handler for the SANS Internet Storm Center, warned of an uptick in compromised websites being used to distribute the exploit.
"This is likely to appear in a malware spreading website near you soongiven the track record of the botnet
operators," he wrote on the Storm Center's blog. "Suggest [you] update this oneas soon as possible."
Adobe Reader and Acrobat versions 7.1.0 are not affected.