Another Adobe Reader Zero Day Vulnerability In The Wild
Adobe Reader and Adobe Acrobat have been hit with yet another zero day vulnerability that is affecting all versions of both programs up to and including Adobe Reader and Adobe Acrobat 9.2.
The vulnerability has been disclosed to the public by Adobe's Security Response team which wrote in a blog post that Adobe is "currently investigating this issue and assessing the risk to customers".
Adobe itself did not reveal details about the exploit in the blog post but a post at the Shadowserver website which is run by security volunteers from around the world reveals details about the issue.
According to information posted on the website the exploit has been in the wild since at least December 11. The number of attacks have been limited and targeted so far according to the information. The experts expect the "exploit to become more wide spread in the next few weeks" with the potential to become fully public in the same timeframe.
A temporary fix was also published on the same website.
We have not had time to fully test but enabling hardware DEP for systems that support it may also mitigate this issue.
Update: Adobe has published a security advisory for the vulnerability in Adobe Reader and Acrobat. The vulnerability is rated critical. Attackers can exploit it to casue a crash and potentially take control of the operating system.