A vulnerability in Adobe Reader and Adobe Acrobat is being actively exploited by cybercriminals using infected email attachments, experts have warned.
Experts are warning surfers to be cautious when opening PDF file attachments in emails after a vulnerability in Adobe Reader and Adobe Acrobat.
Security researcher Mila Parkour discovered the vulnerability and has posted details of how the exploit works on
her blog.
Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh are all affected. Adobe has since issued a security advisory though a patch for the vulnerability hasn't been distributed yet.
"This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild," Adobe confirmed on the Adobe Product Security Incident Response Team (PSIRT) blog.
Adobe rated the vulnerability as 'critical', its highest severity warning level.
Jerome Segura, security researcher at ParetoLogic, made a video demonstration of how the exploit works.
"We recommend users to be extremely careful when opening up email attachments as well as keeping their AV up to date with real time protection enabled," said Segura.
