Researchers at McAfee Labs recently came across some PDF samples that exploited an unpatched vulnerability affecting every version of Adobe Reader, including Adobe Reader XI (h/t Computer Weekly).

The vulnerability doesn't enable code execution, but it does allow the attacker to view where and when the PDF was opened. Adobe Reader will usually ask for permission before sending such data, but no permission is required in this case.

Although this isn't a particularly serious issue, McAfee's Haifei Li notes that it could be leveraged to initiate a targeted attack. "An APT attack usually consists of several sophisticated steps," Li writes. "The first step is often collecting information from the victim; this issue opens the door. Malicious senders could exploit this vulnerability to collect sensitive information such as IP address, Internet service provider, or even the victim’s computing routine."


McAfee has detected PDF samples in the wild that are exploiting the issue. The company recommends disabling JavaScript in Reader until Adobe releases a patch for the vulnerability.