Vulnerability in Adobe Acrobat leads to public exploit

News by Dan Kaplan

Adobe has updated its Reader and Acrobat products to shore up a major vulnerability that is already being exploited in the wild

Adobe has updated its Reader and Acrobat products to shore up a major vulnerability that is already being exploited in the wild, the company said.

An Adobe advisory said the "critical" vulnerability, spotted in Reader and Acrobat 8.1.2 and earlier versions, is related to an unspecified JavaScript input validation issue. If exploited, the bug could permit remote code execution.

Andrew Storms, director of security operations at vendor nCircle, said yesterday that Adobe has this year already patched at least one other Acrobat flaw related to a JavaScript error.

"It would appear that Adobe has an epidemic with regard to JavaScript," he told in an email. "One begins to wonder just how many more are yet to be found. We may be witnessing an interesting twist. It appears that Microsoft Word might be on the track to be more secure, while Adobe Acrobat is going in the opposite direction."

An Adobe spokesman did not disagree but downplayed any outbreak.

"It's true that some recent vulnerabilities with Adobe Reader have been associated with JavaScript," the spokesman said. "Vulnerabilities often follow trends as security researchers gravitate to certain areas, and that is likely what we're seeing here. As always, we take the security of our products and technologies seriously, and continue to invest a considerable amount of ongoing effort to ensure users are protected."

Storms said Adobe released few details about this latest vulnerability, probably to ward off the potential for further exploits. Adobe said in its advisory that is has received reports of exploits appearing in the wild.

Jason Lam, a senior security analyst at a Canada-based financial institution and a handler for the SANS Internet Storm Center, warned of an increase in compromised websites being used to distribute the exploit. "This is likely to appear in a malware-spreading website near you soon given the track record of the botnet operators," he wrote on the Storm Center's blog. "Suggest [you] update this one as soon as possible."

Adobe Reader and Acrobat versions 7.1.0 are not affected.

Find this article useful?

Get more great articles like this in your inbox every lunchtime

Upcoming event 

Webcast: Understanding this year's biggest adversaries - and how to combat them 

Nation-state activity, versatile, slippery strategies and Big Game Hunting - the threats are real, dangerous and ever changing. 
Brought to you in partnership with Crowdstrike