More on Adobe: Attackers already exploiting new Acrobat/Reader flaw

According to the software giant, a critical vulnerability exists in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and Unix platforms, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh.

The vulnerability (CVE-2010-2883), says Adobe, could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild.

The company says it is in the process of evaluating the schedule for an update to resolve this vulnerability.

But it doesn't stop there, as Brian Krebs of the Krebs on Security blog says that an evil PDF file is going around that leverages the new exploit.

And, he notes, the infected PDF is detected by only 25% of the anti-virus programmes in regular use, as witnessed by the result of the file on the VirusTotal web portal.

In his report, Krebs says that Adobe's advisory doesn't discuss possible mitigating factors, although turning off Javascript in Reader is always a good first step.

"Acrobat Javascript can be disabled using the Preferences menu (Edit -> Preferences -> Javascript and un-check Enable Acrobat Javascript)", he said.

Better yet, adds Krebs, users should consider using an alternative PDF reader that isn't quite so heavily targeted as Adobe's, such as Foxit, Sumatra, or Nitro PDF.

Infosecurity notes that Mozilla Firefox users may also elect to install the Noscript add-on, which goes a long way towards stopping Adobe PDF malware.
