PCs could be compromised by Adobe flaw

Opening a malicious PDF will give hackers control of a system

A flaw in Adobe Reader and Acrobat could see a PC compromised if users open a malicious PDF, security researchers have warned.

According to Symantec and the Shadowserver Foundation, hackers are exploiting the flaw in the wild, although attacks are not widespread yet.

A buffer overflow condition can be triggered by opening a specially-crafted PDF, which gives the attackers control of the computer. Shadowserver said that the flaw could be exploited on systems running Microsoft's Windows XP SP3.

Adobe called the flaw 'critical,' its most severe rating, and said it will release a patch for Reader 9 and Acrobat 9 by March 11. The company said patches for version 8 of Reader and Acrobat will follow, then finally for version 7 of Reader and Acrobat.

In the meantime, hackers will quickly try to use the flaw. PDF vulnerabilities are especially dangerous since the file format is widely used.

"Right now we believe these files are only being used in a smaller set of targeted attacks," Shadowserver said in an advisory. "However, these types of attacks are frequently the most damaging, and it is only a matter of time before this exploit ends up in every exploit pack on the internet."

There are a couple of defences PC users can employ until the patch arrives. Users should not open PDFs from untrusted sources, Symantec said. Also, since the attack relies on JavaScript, users can disable that function in Acrobat and Reader, Shadowserver advised.

"You have the choice of small loss in functionality and a crash versus your systems being compromised and all your data being stolen," the organisation said. "It should be an easy choice."
