Adobe rushes to fix zero-day Reader and Acrobat flaw

Software giant assures users that it's in the throes of sorting security hole.

Software vendor Adobe is working on a fix for the zero-day vulnerability that is reportedly blighting users of its Reader and Acrobat products.

It is feared the flaw could be used to carry out targeted attacks on Mac and PC users by tricking them into clicking on malicious PDFs sent via email.

Advertisement - Article continues below

In a security advisory on Adobe's website, the company confirmed that several versions of its Reader and Acrobat software are affected by the flaw.

"Adobe is in the process of working on a fix for these issues and will update this advisory when a date for the fix has been determined," the advisory added.

In the meantime, IT admins are urged to switch on a feature called Protected View in the products' registry to safeguard users.

The vulnerability was uncovered by researchers at security vendor FireEye who claim the zero-day flaw is already being exploited in the wild.

 "Upon successful exploitation, it will drop two DLLs. The first shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks," said FireEye in a blog post.

"The second DLL in turn drops the callback component, which talks to a remote domain."

The company then goes on to warn Adobe users off opening unknown PDFs until the flaw is fixed.

Featured Resources

Key considerations for implementing secure telework at scale

Identifying the security risks and advanced requirements of a remote workforce

Download now

The State of Salesforce 2020

Your guide to getting the most from Salesforce

Download now

Fast, flexible and compliant e-signatures for global businesses

Be at the forefront of digital transformation with electronic signatures

Download now

Rethink your cybersecurity strategy for the new world

5 steps to secure the enterprise and be fit for a flexible future

Download now
Advertisement

Recommended

Russia hacked Liam Fox's personal email to steal trade documents
phishing

Russia hacked Liam Fox's personal email to steal trade documents

4 Aug 2020
British teenager charged over Twitter hack
hacking

British teenager charged over Twitter hack

3 Aug 2020
Mid-year report says vulnerabilities up 22% in 2020
hacking

Mid-year report says vulnerabilities up 22% in 2020

30 Jul 2020
BlackRock banking Trojan targets Android apps
trojans

BlackRock banking Trojan targets Android apps

27 Jul 2020

Most Popular

How to find RAM speed, size and type
Laptops

How to find RAM speed, size and type

3 Aug 2020
How to use Chromecast without Wi-Fi
Mobile

How to use Chromecast without Wi-Fi

4 Aug 2020
UN report points to a 350% rise in phishing websites at start of 2020
phishing

UN report points to a 350% rise in phishing websites at start of 2020

7 Aug 2020