A ton of people now use Adobe Reader. That’s because of the ease of use in cross platform document exchange. Well, a new zero day has surfaced that makes your reader like a giant hole in a bank. Various sources said that it was being actively exploited. Sure enough, I found source code out there for the exploit being circulated.
The original US-Cert advisory cites a problem with indexing arrays in JBIG2 streams. Yeah, I know, what the heck does that mean? Well, the bottom line is that arbitrary code can be run by the exploiter. What does someone have to do to be exploited? Well, open a pdf document. That simple. So, I would say that you shouldn’t open untrusted pdf docs. No patch has been issued yet.
As an aside, there are also some nasty Adobe flash player exploits making the rounds. Some involved code execution when viewing flash movies and some involve privilege escalation. So, I would say that it’s time for Adobe to roll out a bunch of security updates.
