In the middle of last week, Adobe Systems Inc. issued a security notification about a vulnerability (CVE-2009-3459) that has been repeatedly discovered in Adobe Reader and Acrobat. Adobe states that cyber criminals are exploiting the unpatched flaw with the aim of obtaining full control of a vulnerable user's system. Adobe also states that it plans to patch this serious security issue in Reader and Acrobat 9.1.3, Adobe Reader 8.1.6 and Acrobat 8.1.6 for Windows, Mac and Unix next Tuesday, the same date as the company's previously scheduled patch release for the PDF reader.
Online security news reports that hackers are able to exploit this vulnerability by convincing a user to open a booby-trapped PDF file. A successful exploit might enable attackers to execute arbitrary code in the context of the user who runs the vulnerable software. If the exploit is unsuccessful, the attackers' next course of action would most probably lead to a denial-of-service attack. The security flaw is currently being exploited in limited targeted attacks, without any development. Adobe states only that the attacks are aimed at exploiting Adobe's free PDF Reader and Acrobat products to breach Windows operating systems.
This vulnerability (CVE-2009-3459) marks at least the third time this year that hackers have targeted an unpatched vulnerability in Adobe Reader or Flash. It is argued that these programs are installed on a larger base of computers than any Microsoft software product. Adobe has taken flak not only for releasing buggy programs, but also for taking too long to fix security issues after their discovery. In May, Adobe promised to reinvigorate its security program for Reader. For now, users who are affected by this security issue should watch for Tuesday's security update from Adobe in order to patch this vulnerability.