Bad PDF files are being used by cybercriminals to attack Adobe Reader.
There is a new security risk for people who use Adobe Acrobat Reader. Researchers have discovered that cybercriminals are exploiting a serious vulnerability that has remained unpatched for months using specially crafted PDF documents.
Specifically, experts warned of an active campaign that has been ongoing since at least December. In this campaign, attackers are using a sophisticated security vulnerability that exploits a previously unknown flaw, present even in the latest software versions.
What's most alarming is that this attack requires virtually no user interaction. Simply opening the malicious PDF file is enough to exploit the vulnerability.
From that moment on, attackers can access local system information and perform more advanced actions.
Among the capabilities detected was the use of built-in Acrobat Reader functions to steal data and prepare for further attacks. This could lead to more serious scenarios, such as remote code execution or complete control of the compromised computer.
Adobe has been notified of the problem but has not yet released an update to address this security vulnerability.
Therefore, experts advise avoiding opening PDF files from unknown or suspicious sources until an official update is released.