Symantec has warned of a new vulnerability in Adobe PDF files, which affects Flash files.
In a blog post, security researchers wrote that they had seen an "Adobe Acrobat PDF file that upon opening drops and executes a malicious binary. It was quite clear that this PDF was exploiting some vulnerability in order to drop its payload."
The vulnerability is not one Symantec had seen before, leading the researchers to dub it a "next generation" flaw. It affects Adobe Flash - not the Reader itself - making it a more serious flaw.
"Most vulnerabilities are confined to one technology; for example, a vulnerability may affect a particular browser or a particular operating system, but it is rare for a vulnerability to span multiple platforms and products," the researchers said, adding Flash was unique in that it is used in all major browsers and PDFs.
"The large user base of Flash presents attackers with a huge target audience and will certainly be too much for them to resist," they added.
Symantec said it's likely the flaw will be exploited soon. Symantec advised users to ensure their antivirus is up to date, adding that the flaw is exploitable in Windows XP and Vista - but not on the latter if User Account Controls are running.
Adobe said it expects to have at least a partial fix for Flash players by 30 July, and Adobe Reader the following day.
Adobe has been hit by PDF troubles before, and this year started issuing monthly patches alongside Microsoft.
-
Bigger salaries, more burnout: Is the CISO role in crisis?In-depth CISOs are more stressed than ever before – but why is this and what can be done?
-
Cheap cyber crime kits can be bought on the dark web for less than $25News Research from NordVPN shows phishing kits are now widely available on the dark web and via messaging apps like Telegram, and are often selling for less than $25.
-
Warning issued over “incomplete” fix for Adobe ColdFusion vulnerabilityNews An incomplete fix for a vulnerability disclosure could be placing users at risk, researchers warned
-
Adobe forced to patch its own failed security updateNews Company issues new fix for e-commerce vulnerability after researchers bypass the original update
-
Ask more from your CMSWhitepaper How to get the most value in the shortest timespan
-
Adobe battles fake photos with editing tagsNews Photoshop will include new tagging tools later this year to help fight against misinformation and deep fakes
-
Adobe Photoshop Elements 2019 review: Trapped in the photo-editing middle groundReviews A once peerless beginner’s photo-editing package that’s past its prime
-
How Adobe saved BT £630,000Sponsored Adobe’s digital signature platform is saving time and money - and forging stronger connections between businesses and customers
-
Don't settle when it comes to creativitySponsored Getting the best out of your creative design team means equipping them with the best software
-
The benefits of a subscription serviceSponsored Why software vendors are increasingly moving to a subscription model
