Adobe’s PDF reader and creator software continues to be under a seemingly endless attack, and a new vulnerability has the security community very worried. A critical flaw in all editions of its PDF reader and creator software will allow attackers to crash the application and gain control of a person’s computer. This vulnerability has been acknowledged by Adobe, but a fix is still rumored to be 2-3 week away. Initially the company will be working to patch version 9, but will eventually include fixes for version’s 7 & 8 as well.
According to the McAfee security blog, malicious PDF documents are already in the wild, and have been appearing across the web since early January. PDF exploits are of significant concern to the security community since the reader software interfaces very closely with web browsers. In many cases PDF documents are opened within a new browser tab, and displayed even with a user’s consent. According to Symantec this attack has primarily been directed towards government agencies and large corporations, it is not widespread as of yet.