Serious Adobe 0-day vulnerability in the wild

Another Adobe 0-day vulnerability has been spotted “in the wild”. ShadowServer reports that they have received and examined different malicious PDFs that arrive by email, and found out that they exploit this vulnerability.

They also discovered that the exploit started to be used by malicious individuals 5 days ago, but that the attacks are limited.

Adobe was notified of the vulnerability on Monday afternoon, and they released a security advisory with advice on how to mitigate the risk of the exploitation of the vulnerability the very next day.

The vulnerability exists in Adobe Reader and Acrobat 9.2 and earlier versions, and it could allow attackers to gain control of the affected system.

Adobe offers the solution – disable JavaScript. Just launch any of the two programs, select Preferences in the Edit menu, select JavaScript, uncheck the ‘Enable Acrobat JavaScript’ option, and confirm it by pressing the OK button.

They also announced an update to the two programs by January 12, which will patch the vulnerability.