Krebs on Security reported on this yesterday. One forensics firm in Russia, Group-IB, identified the flaw in the latest versions of Adobe Reader. According to their tests, there is a way for a hacked website to exploit the Adobe Reader plugin for web browsers and gain access to the target computer. This would enable a hacker to remotely access the info on the computer as well as run their own software.
The exploit was demonstrated on IE6, but it reportedly works with other web browsers running on Windows. Luckily, it also has some limitations. For example, it cannot be fully executed until the user closes the web browser (or Adobe Reader).
Right now the exploit is being sold at a high price to a small group of criminals and malcontents, but that should change shortly. The hacker who developed the Blackhole Exploit Kit, the most widely used toolkit for attacking users via hacked websites, is interested in including this latest exploit in the kit.
If and when that happens, security experts think this will grow to be a serious issue, so now might be a good time to uninstall the Adobe Reader plugin in your web browser and replace it with something else.
image by devdsp