Adobe Applications Detected With New Flaw
Notifying via a blog posting, Adobe indicated that it's working to counteract problems according to which, Acrobat and Reader versions 9.2 and older could be attacked by means of a malevolent PDF. Victims normally receive this PDF in the form of an e-mail attachment, which on opening could lead to the execution of the malware on vulnerable Windows system.
Ben Greenbaum, senior researcher at Symantec, said that if such an attack is successful, a hacker can completely take over the victim's system. According to him, hackers are likely using this attack to distribute botnet code, as per the news published by Network World on December 15, 2009. Greenbaum, however, adds that other probable techniques exist with which the malicious PDF exploit could be easily spread like downloading it down from the Internet.
Furthermore, other security investigators have too warned about the gravity of the vulnerability. A ShadowServer Foundation member Steven Adair stated the Foundation hasn't discovered this flaw; however, it has received a number of complaints about it. Thereafter, it studied many variants of malevolent PDFs, which take advantage of this flaw. The problem is real and is extremely awful, he added, reported Security Focus on December 15, 2009.
Meanwhile, online crooks have been reportedly dispatching harmful PDF files since December 11, 2009, which contain this new code of assault. However, these assaults have not been launched on a massive scale. But, security experts apprehended that with the spread of information about the flaw, these attacks are likely to get more serious.
Indeed, on December 15, 2009, many hacker websites claimed to have issued the attack's samples, implying that more-and-more crooks could soon use the exploit.
The security investigators informed that flaws in Adobe's Reader, Acrobat and Flash programs represent serious problems as almost every online computer uses the software.
Related article: Adobe Rates Acrobat Vulnerabilities “Critical”
» SPAMfighter News - 24-12-2009