FireEye researchers recently came across a zero-day security flaw in Adobe Reader that's being actively exploited in the wild.
"The experts say that versions 9.5.3, 10.1.5 and 11.0.1 are affected," writes Softpedia's Eduard Kovacs. "The attacks rely on cleverly crafted PDF documents. When the PDF file is opened, two DLLs are dropped. One of them shows a fake error message and opens a decoy document, while the other one drops the callback component that's in charge of communicating with a remote domain."
"Researchers at Kaspersky Lab said that the exploit being circulated for this vulnerability is the first confirmed sandbox escape affecting Reader X or higher," writes Threatpost's Michael Mimoso. "'We can confirm the existence of a malicious PDF in the wild that's successfully able to break out of Adobe Reader's sandbox. We've seen successful exploitation on a machine running Windows 7x64 and Adobe Reader 11.0.1,' said Roel Schouwenberg, senior security researcher at Kaspersky Lab."
In a blog post, Adobe's David Lenoe wrote, "Adobe is aware of a report of a vulnerability in Adobe Reader and Acrobat XI (11.0.1) and earlier versions being exploited in the wild. We are currently investigating this report and assessing the risk to our customers. We will provide an update as soon as we have more information."
"The reported Reader zero-days come hot on the heels of two Flash Player zero-days that were being exploited by attackers in spear-phishing campaigns, and for which Adobe issued out of band fixes last week," notes ZDNet's Liam Tung.