Adobe has confirmed that it has received reports regarding a flaw in its Acrobat Reader PDF viewing software being actively exploited by crackers.
In a posting to its Product Security Incident Response Team blog, Adobe has stated that it has "received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild," and explains that it is investigating the issue while "assessing the risk to our customers."
While the ne'er-do-wells might have the information they need to attack systems running vulnerable versions of the software, system administrators are finding themselves on the back foot due to a lack of information available on the 'net regarding the issue: with no details forthcoming, either from Adobe or on the common security mailing lists, it's a guessing game as to what the vulnerability might be - along with how to prevent or mitigate the attack vector, beyond simply uninstalling Adobe Reader and Acrobat from your system.
Regarding the veil of secrecy, Adobe's Wiebke Lips explained that "the reports [of the vulnerability] came to [Adobe] PSIRT directly from partners in the security community," who have chosen to allow Adobe time to patch the flaw before releasing details of the attack.
was being actively exploited, for which the 9.2 release was supposed to be a permanent fix. This attack itself came hot on the heels of another flaw in July which affected both Adobe Reader and the company's Flash Player packages, itself a short jump from a zero-day exploit - and these just represent the major security holes discovered in the company's software this year.
Are you disappointed to see yet another serious vulnerability in Adobe's software, or does the news of yet another Reader flaw surprise you not a jot?