Just three days after Adobe shipped a patch with fixes for a critical Adobe Reader vulnerability, hackers are using booby-trapped PDF files to fire exploits against Windows users.
The in-the-wild attacks, first spotted by the SANS Internet Storm Center, follows the public release of proof-of-concept exploits at Milw0rm.com and underscores the importance of quickly patching third-party desktop applications.
From the SANS ISC alert:
Once deobfuscated, parts of the publicly posted PoC are visible, but the attackers also modified certain parts.
Adobe Reader is one of the most widely distributed pieces of software on the Windows ecosystem to the application of this patch should be an absolute priority.
The updates are available at: http://www.adobe.com/support/downloads/detail.jsp?ftpID=4084 (Windows), http://www.adobe.com/support/downloads/detail.jsp?ftpID=4093 (Mac), http://www.adobe.com/support/downloads/detail.jsp?ftpID=4094 (Linux/Solaris).