PDP, hacker and main contributor to the excellent GNUCITIZEN blog, revealed yesterday a flaw in Adobe Reader that could potentially put many users’ computers at risk. He defines it as a “HIGH Risk vulnerability: Adobe Acrobat/Reader PDF documents can be used to compromise your Windows box.” The issue was found using Adobe Reader 8.1 on Windows XP SP2 and previous versions and other PDF viewers are also concerned, although he did not say if the vulnerability could also affect other operating systems.
The senior security analyst declined to publish any code showing how the attack works for now, as this would obviously put a lot of people’s PCs at risk. He has promised to make it available as soon as Adobe fix this vulnerability though. For the time being he suggests to avoid opening any PDF files locally or remotely.