Serious Adobe 0-day vulnerability in the wild
Another Adobe 0-day vulnerability has been spotted “in the wild”. ShadowServer reports that they have received and examined different malicious PDFs that arrive by email, and found out that they exploit this vulnerability.
They also discovered that the exploit started to be used by malicious individuals 5 days ago, but that the attacks are limited.
Adobe was notified of the vulnerability on Monday afternoon, and they released a security advisory with advice on how to mitigate the risk of the exploitation of the vulnerability the very next day.
The vulnerability exists in Adobe Reader and Acrobat 9.2 and earlier versions, and it could allow attackers to gain control of the affected system.
They also announced an update to the two programs by January 12, which will patch the vulnerability.