If you’re running Adobe Acrobat or Reader, you might not want to open any PDFs unless you trust the sender. Adobe confirmed that hackers are currently exploiting a hole in the two programs, using PDFs to trick people into giving them full access to their computers.
The hole was revealed yesterday after security firm FireEye discovered it and reported it to Adobe. Adobe released a statement yesterday and updated it today to say that it is aware of the vulnerabilities and is currently working on a fix. The company went on to call the holes “critical” and confirmed that hackers are specifically using this attack to gain full control of your computer. Once in, they’d be able to access all your information, and if you’re a business, it could be an entry way into the broader network.
The vulnerability touches Adobe Reader XI, versions 11.0.01 and earlier; Reader X, 10.1.5 and earlier; Reader 9.5.3 (and earlier versions only for those Reader versions beginning with 9.x). All those versions affect both Windows and Macs except for the last, which also hits Linux. As far as Adobe Acrobat goes, it affects Acrobat XI, version 11.0.01 and earlier; X, versions 10.1.5 and earlier; and Acrobat 9.5.3, with all versions within the 9.x scheme also affected. Both Mac and Windows programs are hit here as well.
Aside from not opening PDFs, Adobe suggests Windows users protect themselves by using “Protected View.” You can set up Protected View by heading over to the Edit tab and going into Preferences, then Security (Enhanced) menu to turn it on.
Adobe has not yet said when it will release a fix.
VB’s research team is studying web-personalization... Chime in here, and we’ll share the results.