The zero-day vulnerability on Adobe Flash, Reader, and Acrobat is being exploited by a strain of malware.
Symantec's Joji Hamada claimed that Trojan.Pidief.J, a PDF file that drops a backdoor onto the compromised computer if an affected product is installed, is a new threat to the vulnerability.
Hamada said that attacks on the vulnerability can take place by receiving an email with a malicious PDF attachment or with a link to the malicious PDF file or through a website with the malicious SWF embedded in HTML code or by stumbling across a malicious PDF or SWF file when surfing the web.
He said: “We have confirmed that the attack involves Trojan.Pidief.J, which is a PDF file that drops a backdoor Trojan onto the compromised computer if an affected product is already installed.
“We have also come across an attack using a malicious SWF file (detected as Trojan Horse) in conjunction with a HTML file (detected as Downloader) to download another malware (detected as Backdoor.Trojan) from the web.
“The attacks seem limited at this point. However, other cyber criminals may jump on the bandwagon to take advantage of the vulnerability in the very near future. It's advisable that you visit Adobe's security advisory and spend some time investigating what workarounds would be applicable for your environment until a patch is released.
Security blogger Brian Krebs said: “Clearly, this is a follow-the-bouncing-malware type of exploit. Symantec notes that while the current attacks against this flaw are targeted and limited, that will likely soon change as more criminal groups start taking advantage of the vulnerability.”