Attackers target PDF vulnerability

By

Online criminals have started targeting a vulnerability in Adobe's PDF reader.


Attackers are exploiting the vulnerability through email messages with a specially crafted PDF attachment that is labelled bill.pdf or invoice.pdf. A known vulnerability in the way that the documents are handled subjects recipients to arbitrary code execution, which allows the attacker to recruit a system as part of a botnet or install other malware.

The release of the exploit follows days after a security researcher published a proof of concept for the flaw on 17 October. Adobe released a patch for the vulnerability on Monday 22 October.

Details about the vulnerability were published in late September on the GNU Citizen blog. The blog at the time didn't provide proof of concept (PoC) code, because the author anticipated that Adobe would be slow in creating a patch.

The speedy release of attack code following the proof of concept publication once again illustrated that PoC code can easily be turned into a live attack.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

Microsoft knew of SharePoint security flaw in May, initial patch ineffective

Microsoft knew of SharePoint security flaw in May, initial patch ineffective

Allianz Life says majority of US customers' data stolen in hack

Allianz Life says majority of US customers' data stolen in hack

NT gov agency targeted in alleged $3.5m BEC scam

NT gov agency targeted in alleged $3.5m BEC scam

Gov to encourage vuln research, puts insurers and NFPs on notice

Gov to encourage vuln research, puts insurers and NFPs on notice

Log In

  |  Forgot your password?