Adobe has been forced to investigate reports of a zero-day security flaw in its Reader and Acrobat software that leaves users vulnerable to cyber-attacks.
The exploit was discovered by researchers at network security firm FireEye, who suggest users avoid opening any PDF attachments from an unknown source until the loophole is fixed.
UK desperately short of skills needed to combat cyber threats Adobe issues fix for zero-day Flash vulnerabilities Microsoft patch for zero-day exploit cracked
"We have already submitted [an infected PDF] sample to the Adobe security team. Before we get confirmation from Adobe and a mitigation plan is available, we suggest that you not open any unknown PDF files," said a blog post by FireEye.
An Adobe security bulletin said the firm is aware of the exploit being used in the wild, with users being tricked into opening malicious PDF files attached to an email. The flaw exploits the default security settings of the document reader, which Abode suggests can be countered by switching the software to "protected view".
Users who use the default settings of Adobe Acrobat and Reader software will continue to be potentially at risk from malware.
The reported exploit marks the first known malware to breach Adobe's security sandbox in over two years.
Ross Barrett, senior manager of security engineering for vulnerability management and penetration testing company Rapid 7, praised Adobe's response to the reported breach, but warned that more vulnerabilities will be found in the future.
"To their credit, Adobe has responded promptly to the report and they have recently been very agile in getting fixes out quickly when something like this comes to light. They are at least one step ahead of, say, Java, in their security model and practice, but Adobe Reader, and the PDF standard, are extremely flexible (and therefore complex) pieces of technology - this won't be the last flaw found," he said.
In contrast to the positive response to Abode's response to the threat, security experts have criticised Oracle's slow reaction to flaws in Java, which has been described as "a mess".
