Adobe Applications Detected With New Flaw

Adobe is probing probable security flaws in its Acrobat and Reader applications, which if exploited could let a hacker execute malware on Windows computers. The flaw reportedly occurs in the JavaScript function of Adobe's Reader and Acrobat.

Notifying via a blog posting, Adobe indicated that it's working to counteract problems according to which, Acrobat and Reader versions 9.2 and older could be attacked by means of a malevolent PDF. Victims normally receive this PDF in the form of an e-mail attachment, which on opening could lead to the execution of the malware on vulnerable Windows system.

Ben Greenbaum, senior researcher at Symantec, said that if such an attack is successful, a hacker can completely take over the victim's system. According to him, hackers are likely using this attack to distribute botnet code, as per the news published by Network World on December 15, 2009. Greenbaum, however, adds that other probable techniques exist with which the malicious PDF exploit could be easily spread like downloading it down from the Internet.

Furthermore, other security investigators have too warned about the gravity of the vulnerability. A ShadowServer Foundation member Steven Adair stated the Foundation hasn't discovered this flaw; however, it has received a number of complaints about it. Thereafter, it studied many variants of malevolent PDFs, which take advantage of this flaw. The problem is real and is extremely awful, he added, reported Security Focus on December 15, 2009.

Meanwhile, online crooks have been reportedly dispatching harmful PDF files since December 11, 2009, which contain this new code of assault. However, these assaults have not been launched on a massive scale. But, security experts apprehended that with the spread of information about the flaw, these attacks are likely to get more serious.

Indeed, on December 15, 2009, many hacker websites claimed to have issued the attack's samples, implying that more-and-more crooks could soon use the exploit.

The security investigators informed that flaws in Adobe's Reader, Acrobat and Flash programs represent serious problems as almost every online computer uses the software.

ShadowServer Foundation advised Adobe users to disable the JavaScript. Another security firm Symantec suggested that users must exercise appropriate security practices while working online.

Related article: Adobe Rates Acrobat Vulnerabilities “Critical”

» SPAMfighter News - 12/24/2009