Abstract created by Sensible Solutions AI
In abstract:
- PCWorld reviews that Adobe Acrobat Reader accommodates an unpatched zero-day vulnerability that hackers have actively exploited since December.
- Merely opening a malicious PDF file can allow attackers to steal information and probably acquire distant management of your system.
- Customers ought to instantly cease opening PDF recordsdata from untrusted sources till Adobe releases a safety patch for this essential flaw.
In keeping with BleepingComputer, there’s a severe vulnerability in Acrobat Reader that may be exploited to steal delicate information.
Safety researcher Haifei Li says that hackers have been abusing this “extremely subtle, fingerprinting-style PDF exploit” since December, that means simply over 4 months.
“This ‘fingerprinting’ exploit has been confirmed to leverage a zero-day/unpatched vulnerability that works on the newest model of Adobe Reader with out requiring any consumer interplay past opening a PDF file. Much more regarding, this exploit permits the risk actor to not solely gather/steal native info but additionally probably launch subsequent RCE/SBX assaults, which may result in full management of the sufferer’s system.”
Briefly, all it takes is opening an contaminated PDF file to show your system to an attacker. From there, the attacker may steal your information and even run their very own code and take full management of your machine.
Till Adobe patches the vulnerability, Acrobat Reader customers are suggested to not open PDF recordsdata from untrusted sources—which is truthfully good sense even with out the specter of this exploit.
This text initially appeared on our sister publication PC för Alla and was translated and localized from Swedish.
