Adobe Acrobat security hole discovered

A security hole in Adobe Acrobat has been discovered that could allow malicious hackers to take over other computers, Adobe confirmed Monday.

Adobe has issued a patch for the vulnerability at its Web site and says that to its knowledge no users have been targeted using the exploit.

The security bug means that a specially created Acrobat PDF file could be used to crash Acrobat running on Windows and then run arbitrary code, potentially giving an outsider direct access to the machine.

Adobe was alerted to the problem by a security outfit called Shadow Penguin Security. Andrew Cormack, head of the Computer Emergency Response Team (Cert) within the Janet (Joint Academic Network) Security Department, says that the development is a concern just because of the popularity of exchanging PDF files using email.

"Potentially you could lose control of your machine and that's worrying," he says. "It is yet another way for people to trip themselves up."

Cormack believes, however, that the vulnerability may not immediately inspire a barrage of new viruses or Trojan horse programs disguised as regular PDFs, because it is considerably more difficult to write a PDF file than, for example, a Visual Basic program or a Macro.

Anti-virus vendors recommend that computer users download Adobe's bug fix in order to guarantee that they are not left vulnerable. This is the latest in a row of vulnerabilities that pose a threat to PC security.

Popular email application Microsoft Outlook was the subject of scrutiny last month when a similar bug was uncovered. This could allow a computer virus or similar malicious application to activate upon arrival at a user's computer.

Take me to the Virus Workshop

Take me to the Summer of Hacking Special

Take me to Hackers

What do you think? Tell the Mailroom. And read what others have said.