Adobe says it will fix a minor "leakage issue" affecting Adobe Reader and Acrobat which is being exploited by email marketers, but could also be used by an attacker to scope out a target before launching a more serious assault.
Researchers at Intel's security firm McAfee last week reported the discovery of a security and privacy issue affecting all versions of Reader after detecting a few suspicious PDF samples.
McAfee said that although the security flaw was not deemed serious, it could be used as a reconnaissance tool in a targeted attack. For example, PDFs emailed to victims could reveal the target's IP address, ISP, or computing routine to the attacker, according to the firm.
The target would need to open a specially-crafted PDF and click on a link within the document to be exposed, Adobe said.
"A user's IP address and timestamp could be exposed when opening a specially crafted PDF and then clicking a URL within that document," Adobe's product security incident response team said on Friday.
Because it is a "low severity" information leakage issue, it will be resolved in Adobe's scheduled update for Acrobat and Reader, due on 14 May.
Although the flaw is technically being used in the wild, it's less severe than the Reader flaws that attackers were exploiting ahead of an emergency patch in February, which could allow them to take over a target's Mac or Windows machine.