According to BleepingComputer, there’s a serious vulnerability in Acrobat Reader that can be exploited to steal sensitive data.
Security researcher Haifei Li says that hackers have been abusing this “highly sophisticated, fingerprinting-style PDF exploit” since December, meaning just over four months.
“This ‘fingerprinting’ exploit has been confirmed to leverage a zero-day/unpatched vulnerability that works on the latest version of Adobe Reader without requiring any user interaction beyond opening a PDF file. Even more concerning, this exploit allows the threat actor to not only collect/steal local information but also potentially launch subsequent RCE/SBX attacks, which could lead to full control of the victim’s system.”
In short, all it takes is opening an infected PDF file to expose your system to an attacker. From there, the attacker could steal your data or even run their own code and take full control of your machine.
Until Adobe patches the vulnerability, Acrobat Reader users are advised to not open PDF files from untrusted sources—which is honestly good sense even without the threat of this exploit.
