Security researchers at Adobe have been alerted to a new zero day vulnerability in PDF software Adobe Reader.
The vulnerability has been found in versions 9.5.3, 10.1.5 and 11.0.1 of Reader and hackers have begun taking advantage of this by installing malware on compromised machines worldwide. The vulnerability deploys a malware that has been crafted to install two DDLs on successfully attacked machines. The malware displays an error message to open a decoy PDF and then opens the backdoor to allow code to connect to a remote server.
Adobes security researchers are currently working on a fix, in the meantime it’s advised that no unknown PDFs are opened by users or an alternative PDF viewer is recruited temporarily.
With 90% of the world’s computers having Adobe Reader installed, the programme has become a popular vector for hackers. Last month 2 emergency patches were released to protect against vulnerabilities in Adobe Flash.