New Adobe Zero-day Hole in Reader, Writer

Adobe reported on Wednesday about zero-day flaws in its PDF Reader/Writer which is exploited widely by the hackers. The critical vulnerability was found in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh, and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh. Details of vulnerability is not known as of yet.

However, using this hole, an attacker can take control of an affected computer and eventually affects millions of computers that use the popular PDF viewer, Adobe software. An Adobe spokeswoman said that the company was notified about the attack on Tuesday from a private partner company. An affected PDF is available here.

“Unfortunately, there’re no mitigations we can offer,” the advisory CVE-2010-2883 said. “However, Adobe is actively sharing information about this vulnerability (and vulnerabilities in general) with partners in security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available.”