Adobe has acknowledged reports of an active security threat in Adobe Reader and Acrobat XI 11.0.1 and earlier that's being already being exploited by hackers, and plans to release emergency updates some time this week to patch the flaws. The exploit is highly sophisticated on the level of espionage cyber attacks, according to security research company Kapersky Labs.
Adobe to patch Acrobat exploits this week
The threat was first reported by the security research firm FireEye which noted that the security flaws use maliciously crafted PDF docutments to install apps on the victim's computer that steal passwords and system configuration data, and can log keystrokes, too. The malware uses AES encrytpion and RSA cryptography to communicate with the attacker's servers, which also hints at possible espionage.
While Acrobat and Adobe Reader on the Mac appear to be vulnerable to the flaw, it appears that only Windows-based PCs are being targeted for now.
Adobe hasn't said when this week the Acrobat and Adobe Reader updates will be released, but has promised they are on the way.