Summary. At the time of this report, there is currently a 0-day (zero day) vulnerability with Adobe Reader 9.2 and previous versions. A zero day vulnerability means that the virus has been discovered spreading through the Internet today, yet most anti-virus software doesn’t yet have defense against it. This virus has been reported and verified by Adobe.com, Sans.org, Secunia.com, and Shadowserver.org. Secunia.com has rated this virus as Extremely Critical because it has the ability to allow remote access to systems. A security alert on Adobe’s website states the following:
Adobe has confirmed a critical vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions that could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that this vulnerability is being actively exploited in the wild. Adobe recommends customers follow the mitigation guidance below until a patch is available. Adobe plans to make available an update to Adobe Reader and Acrobat by January 12, 2010 to resolve the issue. [source]
Windows Users. It has been reported that the fast, effective and free AVG Antivirus program has been able to protect against this threat in some cases. Unfortunately, the costly and bloated Symantec, McAfee, and Trend Micro anti-virus programs are not protecting their users. As a precaution, use a program other than Adobe Reader to open PDF files. If you have the Adobe Reader plug-in for your browser, avoid clicking on PDF links until a solution is found. An alternative PDF viewer is PDF-XChange Viewer. PDF-XChange Viewer is free, and it allows for viewing, printing, and creating PDF files.
Apple Users. This may not effect most Apple computer users, since the Apple Preview program is usually set as the default program for viewing Adobe files. However, to be sure, Apple users needing to view Adobe files should right click on PDF files and use the Open With feature to choose Preview. If you’re not sure, avoid opening PDF files directly or clicking on them as web links. Choose to right-click (control click) and download first to open them in Preview.
Future Updates and Notification. According to a security alert today on the Adobe website:
This afternoon, Adobe received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild (CVE-2009-4324). We are currently investigating this issue and assessing the risk to our customers. We will provide an update as soon as we have more information. Please continue monitoring the Adobe PSIRT blog for the latest information.