Attackers target PDF vulnerability

By

Online criminals have started targeting a vulnerability in Adobe's PDF reader.


Attackers are exploiting the vulnerability through email messages with a specially crafted PDF attachment that is labelled bill.pdf or invoice.pdf. A known vulnerability in the way that the documents are handled subjects recipients to arbitrary code execution, which allows the attacker to recruit a system as part of a botnet or install other malware.

The release of the exploit follows days after a security researcher published a proof of concept for the flaw on 17 October. Adobe released a patch for the vulnerability on Monday 22 October.

Details about the vulnerability were published in late September on the GNU Citizen blog. The blog at the time didn't provide proof of concept (PoC) code, because the author anticipated that Adobe would be slow in creating a patch.

The speedy release of attack code following the proof of concept publication once again illustrated that PoC code can easily be turned into a live attack.
Got a news tip for our journalists? Share it with us anonymously here.
Copyright ©v3.co.uk
Tags:

Most Read Articles

India's alarm over Chinese spying rocks CCTV makers

India's alarm over Chinese spying rocks CCTV makers

Hackers abuse modified Salesforce app to steal data, extort companies

Hackers abuse modified Salesforce app to steal data, extort companies

Cyber companies hope to untangle weird hacker codenames

Cyber companies hope to untangle weird hacker codenames

Woolworths' CSO is Optus-bound

Woolworths' CSO is Optus-bound

Log In

  |  Forgot your password?