Security companies are warning of a new flaw in two Adobe Systems programs that could compromise a PC merely by opening a malicious PDF (Portable Document Format) file.
Hackers are exploiting the flaw in the wild, although attacks are not widespread yet, according to Symantec and the Shadowserver Foundation.
The flaw affects version 9 of Reader and Acrobat as well as earlier versions, according to Adobe’s advisory. A buffer overflow condition can be triggered by opening a specially-crafted PDF, which gives the attackers control of the computer. Shadowserver wrote that the flaw could be exploited on systems running Microsoft’s Windows XP SP3.
Adobe called the flaw “critical,” it’s most severe rating, and said it will release a patch for Reader 9 and Acrobat 9 by March 11. The company said patches for version 8 of Reader and Acrobat will follow, then finally for version 7 of Reader and Acrobat.
In the meantime, hackers will quickly try to use the flaw. PDF vulnerabilities are especially dangerous since the file format is widely used.
“Right now we believe these files are only being used in a smaller set of targeted attacks,” Shadowserver wrote in its advisory. “However, these types of attacks are frequently the most damaging, and it is only a matter of time before this exploit ends up in every exploit pack on the Internet.”
There are a couple of defenses PC users can employ until the patch arrives. Users should not open PDFs from untrusted sources, Symantec said. Also, since the attack relies on JavaScript, users can disable that function in Acrobat and Reader, Shadowserver advised.
“You have the choice of small loss in functionality and a crash versus your systems being compromised and all your data being stolen,” the organization wrote. “It should be an easy choice.”