Adobe rushes to fix zero-day Reader and Acrobat flaw

Software giant assures users that it's in the throes of sorting security hole.

Software vendor Adobe is working on a fix for the zero-day vulnerability that is reportedly blighting users of its Reader and Acrobat products.

It is feared the flaw could be used to carry out targeted attacks on Mac and PC users by tricking them into clicking on malicious PDFs sent via email.

Advertisement - Article continues below

In a security advisory on Adobe's website, the company confirmed that several versions of its Reader and Acrobat software are affected by the flaw.

"Adobe is in the process of working on a fix for these issues and will update this advisory when a date for the fix has been determined," the advisory added.

In the meantime, IT admins are urged to switch on a feature called Protected View in the products' registry to safeguard users.

The vulnerability was uncovered by researchers at security vendor FireEye who claim the zero-day flaw is already being exploited in the wild.

 "Upon successful exploitation, it will drop two DLLs. The first shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks," said FireEye in a blog post.

"The second DLL in turn drops the callback component, which talks to a remote domain."

The company then goes on to warn Adobe users off opening unknown PDFs until the flaw is fixed.

Featured Resources

Top 5 challenges of migrating applications to the cloud

Explore how VMware Cloud on AWS helps to address common cloud migration challenges

Download now

3 reasons why now is the time to rethink your network

Changing requirements call for new solutions

Download now

All-flash buyer’s guide

Tips for evaluating Solid-State Arrays

Download now

Enabling enterprise machine and deep learning with intelligent storage

The power of AI can only be realised through efficient and performant delivery of data

Download now
Advertisement

Recommended

Visit/security/cyber-security/355210/cyber-criminals-torn-over-how-to-adapt-to-post-coronavirus-threat
cyber security

Hackers torn over how to adapt their tactics to the coronavirus pandemic

3 Apr 2020
Visit/security/cyber-security/355185/165-million-britons-experienced-a-cyber-crime-in-the-past-year
cyber security

Report: 16.5 million Britons fell victim to cyber crime in the past year

1 Apr 2020
Visit/cloud/amazon-web-services-aws/355183/aws-launches-amazon-detective
Amazon Web Services (AWS)

AWS launches Amazon Detective for investigating security incidents

1 Apr 2020
Visit/security/privacy/355182/government-to-launch-coronavirus-contact-tracking-app
privacy

UK government to launch coronavirus 'contact tracking' app

1 Apr 2020

Most Popular

Visit/security/cyber-security/355200/spacex-bans-the-use-of-zoom
cyber security

Elon Musk's SpaceX bans Zoom over security fears

2 Apr 2020
Visit/development/application-programming-interface-api/355192/apple-buys-dark-sky-weather-app-and-leaves
application programming interface (API)

Apple buys Dark Sky weather app and leaves Android users in the cold

1 Apr 2020
Visit/security/cyber-crime/355171/fbi-warns-of-zoom-bombing-hackers-amidst-coronavirus-usage-spike
cyber crime

FBI warns of ‘Zoom-bombing’ hackers amid coronavirus usage spike

31 Mar 2020