Acrobat for machines running Linux and Mac OS X was not tested but is believed to be just as vulnerable

Feb 23, 2009 09:21 GMT

Security firms are watching a serious unpatched vulnerability in Adobe's Reader that is actively being exploited to install malware on users' computers. The vulnerability has been confirmed in versions 8.1.3 and 9.0.0 of Adobe Reader running on Windows XP Service Pack 3 and is believed to also work on other versions of Windows, as well as Linux and Mac OS X, according to a Shadowserver advisory.

Shadowserver's Steven Adair said that, while Adobe for machines running Linux and Mac OS X was not tested, the two platforms may also be vulnerable. According to the security firm, there are multiple versions of the exploit that are actively circulating, one of which installs a remote access trojan known as Gh0st RAT.

"Right now we believe these files are only being used in a smaller set of targeted attacks," Shadowserver's advisory reads. "However, these types of attacks are frequently the most damaging and it is only a matter of time before this exploit ends up in every exploit pack on the internet."

Adobe, for its part, reports the vulnerability as such (excerpts):

Buffer overflow issue in versions 9.0 and earlier of Adobe Reader and Acrobat

[...]

Platform: All platforms

Summary

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Affected software versions include Adobe Reader 9 and earlier versions, Adobe Acrobat Standard, Pro, and Pro Extended 9 and earlier versions. “Adobe categorizes this as a critical issue and recommends that users update their virus definitions and exercise caution when opening files from untrusted sources,” reads the security bulletin.

According to the same document, Adobe is planning to release updates to Adobe Reader in order to resolve the security issue. The company “expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009,” while “updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7 updates to follow.”

Adobe assures users of its Reader program that the company is actively working with anti-virus vendors like McAfee and Symantec to eliminate the vulnerability. When it does produce a patch, Adobe promises to post a security bulletin on its web site's Security section.