Incident Response, Patch/Configuration Management, TDR, Vulnerability Management

Vulnerability in Adobe Acrobat leads to public exploit

Updated Tuesday, June 24 at 4:07 p.m. EST

Adobe has updated its Reader and Acrobat products to shore up a major vulnerability that already is being exploited in the wild, the company said.

An Adobe advisory said the "critical" vulnerability, spotted in Reader and Acrobat 8.1.2 and earlier versions, is related to an unspecified JavaScript input validation issue. If exploited, the bug could permit remote code execution.

Andrew Storms, director of security operations at vendor nCircle, said on Tuesday that Adobe this year already has patched at least one other Acrobat flaw related to a JavaScript error.

"It would appear that Adobe has an epidemic with regard to JavaScript," he told in an email. "One begins to wonder just how many more are yet to be found. We may be witnessing an interesting twist. It appears that Microsoft Word might be on the track to be more secure, while Adobe Acrobat is going in the opposite direction."

An Adobe spokesman did not disagree but downplayed any outbreak.

"It's true that some recent vulnerabilities with Adobe Reader have been associated with JavaScript," the spokesman said. "Vulnerabilities often follow trends as security researchers gravitate to certain areas, and that is likely what we're seeing here. As always, we take the security of our products and technologies seriously, and continue to invest a considerable amount of ongoing effort to ensure users are protected."

Storms said Adobe released few details about this latest vulnerability, probably to ward off the potential for further exploits. Adobe said in its advisory that is has received reports of exploits appearing in the wild.

Jason Lam, a senior security analyst at a Canada-based financial institution and a handler for the SANS Internet Storm Center, warned of an uptick in compromised websites being used to distribute the exploit.

"This is likely to appear in a malware spreading website near you soongiven the track record of the botnet operators," he wrote on the Storm Center's blog. "Suggest [you] update this oneas soon as possible."

Adobe Reader and Acrobat versions 7.1.0 are not affected.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.