The year hasn’t been kind to Adobe and its PDF file format, which has been hit with a slew of zero-day exploits. Now Adobe and researchers are reporting that yet another vulnerability has surfaced, and with it, working attack code. eSecurity Planet has the story.
Users of Adobe Reader and Acrobat PDF documents could be risk from a new zero-day vulnerability, with the company saying it has gotten reports that the flaw is currently being exploited in the wild.
Adobe (NASDAQ: ADBE) has not yet released a full advisory detailing the security issue, but has issued a brief statement on its security blog.
“Adobe received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild (CVE-2009-4324),” Adobe’s David Lenoe wrote on the Adobe Product Security Incident Response Team (PSIRT) blog. “We are currently investigating this issue and assessing the risk to our customers.”
According to security researchers at the Shadowserver Foundation, the new Adobe PDF vulnerability has been circulating the Internet and resulting in exploits since Dec. 11.