Adobe warns of PDF and Reader zero-day flaw

Adobe has issued a security alert about a zero-day flaw in its PDF and Reader formats which is already being exploited by malware writers.

The company said in a blog post that it will release a patch for the flaw on 13 October. In the meantime users are advised to disable JavaScript, although Adobe warned that this may not be a complete solution.

"Adobe plans to resolve this issue as part of the upcoming Adobe Reader and Acrobat quarterly security update scheduled for release on October 13," the firm said.

"Adobe Reader and Acrobat 9.1.3 customers with DEP enabled on Windows Vista will be protected from this exploit. Disabling JavaScript also mitigates against this specific exploit, although a variant that does not rely on JavaScript could be possible.

"In the meantime, Adobe is also in contact with anti-virus and security vendors regarding the issue, and recommends users keep their anti-virus definitions up to date."

The detected malware attack uses a Trojan called 'Troj_Pidief.Uo' which is transmitted via a PDF file infected with a JavaScript agent known as 'Js_Agent.Dt'. The malware installs a backdoor entry system using 'Bkdr_Protux.Bd' to give complete control of the infected computer.

The attacks were confirmed by the Taiwanese National Information and Communication Security Taskforce, an organisation of academics, security researchers, chief security officers and government officials.

Adobe is becoming increasingly concerned at the number of attacks on its formats. Adobe chief technical officer Kevin Lynch said at this week's Adobe Max 2009 conference that the problem is being addressed.

"We have seen an increase in attacks on Reader and Flash. We have an excellent security team working on the issue, and also have a response team to start work immediately on problems as they come in," he said.

"We are looking to decrease the time from bug to fix. It was months, but we now take two weeks for critical fixes."

See also: