Adobe lived up to its promise on Wednesday by releasing updates for Acrobat XI and Adobe Reader XI to address a security flaw that's already being exploited. The exploit lets hackers gain unauthorized access to victim's data through maliciously crafted PDF documents, and may be part of a cyber espionage attack.
Adobe patches critical Acrobat and Reader security threats
The threat was first reported by the security research firm FireEye which noted that the security flaws use maliciously crafted PDF docutments to install apps on the victim's computer that steal passwords and system configuration data, and can log keystrokes, too. The malware uses AES encrytpion and RSA cryptography to communicate with the attacker's servers, which hinted at possibility of espionage.
Patches are available for Acrobat 11.0.01 and earlier, as well as Adobe Reader 11.0.01 and earlier for both Mac and Windows. The security flaw is currently being exploited on Windows-based PCs, but there doesn't appear to be any hack targeting Mac users at the moment.
While this particular threat may not target Mac users, OS X isn't safe from hackers. Apple released a Java update on Tuesday to address a exploit that some of their own computers fell victim to, and on Wednesday security software maker Intego reported a Trojan malware called Pintsized that bypasses OS X's built-in Gatekeeper malware protection feature.
Pintsized could potentially let an attacker set up an encrypted link to the victim's Mac and then then download personal data. The threat isn't in the wild yet, but it does show that hackers are looking to the Mac more often than they used to as a potential target.
Adobe's Acrobat and Reader updates are available for download at the company website, and the company is recommending users install the patches right away since there are known exploits on the Internet.
Security threats are a serious concern for Mac users as well as Windows users, although the number of Mac threats in the wild aren't has high as their PC counterparts. Even still, it's a good idea to use safe practices online like avoiding websites you aren't certain you can trust, and don't open documents unless you're sure of their source.