Tuesday, October 13, 2009

Hackers exploit Adobe PDF zero-day attack

Adobe recommends disabling JavaScript

For the fourth time this year, Adobe has admitted that hackers were using malicious PDF documents to break into Windows PCs.
The bug in the popular Reader PDF viewer and the Acrobat PDF maker is being exploited in "limited targeted attacks," Adobe said.

Users of Adobe Reader should disable JavaScript to avoid a zero-day hacking attack on the PDF document reader software.
Adobe promised to patch the vulnerability on today (13 Oct.), the same day that Microsoft plans to issue its biggest-ever collection of security updates.
The bug exists in Reader and Acrobat versions 9.1.3 and earlier on Windows, Mac OS and Linux, said Adobe in a security advisory published Thursday, but as far as the company knows, it is being exploited only to hijack Windows PCs.

"There are reports that this issue is being exploited in the wild in limited targeted attacks," said Adobe. "The exploit targets Adobe Reader and Acrobat 9.1.3 on Windows."

Adobe will plug the hole next week as part of its quarterly security update for Reader and Acrobat. Last June, Adobe announced it would follow the lead of companies like Microsoft and Oracle, and release regular security updates for Reader and Acrobat.

More Info : http://news.techworld.com

No comments: