Adobe Acrobat is vulnerable once again. This is getting ridiculous. They have enough money to buy up software companies, yet they can’t invest the time and money to harden their existing products?
They worked so hard to get everyone to use their software. It’s standard on computer installs now. Who doesn’t have Adobe Acrobat Reader on their computer?
With this latest “hole”, I’ve started looking for alternatives and I’ll let you know if and when I find one. But in retrospect, I’d rather stay with a company that is solidly locked into the software market and has a lot to lose if they don’t fix their vulnerabilities, than one that might be a fly-by-night company and leaves me standing out in the cold.
Many in the security community have even coined an acronym for this scenario – YAPE (Yet Another PDF Exploit). You know things are bad when the security community assigns an acronym to it.
- Launch Adobe Acrobat Reader
- Select Edit -> Preferences
- Click “Ok”
As of this writing, Adobe is working on a patch. All versions of Adobe Acrobat on every platform (Mac, Linux and Windows) are vulnerable.
I will keep you updated on this situation or you can follow it on Adobe’s website here:
As always, I recommend you apply the patch as it becomes available, as this exploit will allow an attacker to remotely execute commands on your computer, and the exploit code is already available.
Our honeypots have not detected any new waves of infectious PDFs in the wild – yet. But sure as, well, you know, they will be forthcoming.
Please feel free to pass the link to this posting to your friends and family.