In a brief blog post, Adobe’s security team has said that it is investigating reports of a brand new zero-day vulnerability affecting its Adobe Reader and Acrobat XI (11.0.1) products.
The concern is related to a blog post by security firm Fireeye who yesterday claimed to have uncovered a PDF zero-day vulnerability being exploited in the wild to infect computers.
Unfortunately, details in Fireeye’s blog post are scant – and so it’s currently impossible for SophosLabs to confirm if this is a genuine zero-day threat.
Nevertheless it would be sensible for all computer users to be extremely cautious about opening unsolicited PDF files. In fact, that’s good advice all year around – not just when there are rumours of a new unpatched vulnerability in Adobe’s software.
SophosLabs continues to monitor the situation, and will update protection for Sophos users as appropriate.Follow @gcluley
PDF image from Shutterstock.