Security firm McAfee said it has spotted a vulnerability in the latest version of Adobe Reader that would allow someone to track when and where a PDF document is opened.
The flaw, which is being exploited in the wild, affects all versions of Reader, including the most recent, 11.0.2. While the hole does not enable remote code execution – the most serious outcome a vulnerability can have – it can permit a sender "to see when and where the PDF is opened," McAfee researcher Haifei Li wrote in a Friday blog post.
And researchers haven't ruled out the possibility that the flaw is being used as part of an advanced persistent threat (APT)-style attack.
"Is this a serious problem?" Li wrote. "No, we don't want to overvalue the issue. However, we do consider this issue a security vulnerability. Considering this, we have reported the issue to Adobe and we are waiting for their confirmation and a future patch."
Li said McAfee is aware of the issue being actively leveraged. It has spotted a number of PDF samples sent by an email tracking service provider. Researchers, however, are unsure if this was done with malicious intentions.
But the vulnerability, which is able to bypass Reader's built-in sandbox protection, could be used with malicious intent, namely as part of an APT, Li said.
An Adobe spokeswoman told SCMagazine.com on Monday that the company is aware of the issue and is investigating.