Adobe (finally) patches stack overflow vulnerability
Adobe has released a patch for Acrobat 8, which many people use for its digital signature capabilities. The patch addresses the most recent vulnerability, first reported to Adobe in October of 2007.
The crux of the issue is that a PDF (through Acrobat) can execute code on your system. At the moment, it’s being exploited in the wild through a file called 1.pdf. Granted, not many people use that kind of file naming convention, but I can name at least one who does. The PDF is downloading and executing a trojan (a variant of Zonebac) which is currently not detected by anti-virus software.
It used to be that PDFs were considered “safe”, and I guess the files themselves still are, but the readers are certainly not; they’re just software. My guess is that attackers are getting tired of Word macros and are turning to other document formats for their kicks.
A lot of our clients use Adobe Reader, or Acrobat Standard/Professional, for documents because it supports cross-platform digital signatures. It’s time to update! Luckily, most Adobe updates are applied automatically when you start the program. But the 4 months between when the vulnerability was disclosed and when a patch was released is time during which you’re vulnerable.
