Users are being urged to use caution when handling PDF files following the discovery and subsequent attack of a flaw in Adobe software.
The company said that it had received reports of attacks targeting a previously unknown flaw in both Adobe Reader and Acrobat. When exploited, the flaw allows an attacker to remotely execute code on a targeted system.
The issue is believed to effect version nine and earlier of both Acrobat and Reader. According to security firm Shadowserver, the vulnerability exists in the way both programs handle JavaScript within PDF files.
The infected files trigger a memory buffer overflow, which in turn allows the attacker to remotely execute code on the targeted system.
"Right now we believe these files are only being used in a smaller set of targeted attacks," wrote researcher Steven Adair.
"However, these types of attacks are frequently the most damaging and it is only a matter of time before this exploit ends up in every exploit pack on the internet."
Adobe said that users should expect to see a fix for the vulnerability by March 11. In the meantime, researchers at both Shadowserver and the US Computer Emergency Response Team recommend that users disable the ability for documents to execute Javascript code in both Acrobat and Reader through the application's preference panel.
.png&h=140&w=231&c=1&s=0)
.png&w=120&c=1&s=0)
EDUtech AU
.png&w=120&c=1&s=0)
Security Exhibition & Conference 2025
Integrate Expo 2025
Digital As Usual Cybersecurity Roadshow: Brisbane edition
iTnews Benchmark Security Awards 2025
.jpg&h=140&w=231&c=1&s=0)
.jpg&h=140&w=231&c=1&s=0)
