Computerworld reports that Adobe has confirmed that a flaw in its Illustrator software could give hackers a way to run unauthorized software on a victim's computer. The company says it will issue a fix by Jan. 8.
Last week, an unidentified hacker posted a proof-of-concept attack that shows how to exploit the vulnerability. A victim has to open a specially crafted Encapsulated PostScript (.eps) file in Illustrator for the attack to work.
In its security advisory, Adobe rates the attack as "critical" and recommends that users do not open .eps files from unknown or untrusted sources until a patch is available.