Zero-day vulnerabilities in the most recent versions of Adobe Reader and Acrobat are being actively exploited by attackers, who are emailing malicious PDFs to targets to remotely compromise their PCs.

That warning comes from researchers at security firm FireEye, which said it's provided copies of the exploit code to Adobe. "A PDF zero-day is being exploited in the wild, and we observed successful exploitation on the latest Adobe PDF Reader 9.5.3, 10.1.5, and 11.0.1," according to a security warning posted Tuesday by FireEye. "Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain."

Adobe said it's investigating the alleged zero-day bugs. "Adobe is aware of a report of a vulnerability in Adobe Reader and Acrobat XI (11.0.1) and earlier versions being exploited in the wild," according to a brief Adobe vulnerability report released Tuesday. "We are currently investigating this report and assessing the risk to our customers. We will provide an update as soon as we have more information."

No additional details about the zero-day vulnerabilities have been publicly released, and it's not clear if the bugs allow attackers to bypass the sandbox built into Reader and Acrobat. But until the vulnerability gets patched, FireEye recommended that users avoid opening any PDF files of unknown origin.

... Read full story on InformationWeek

