Predictions that Adobe will be a top target in 2010 may be holding true. The SANS Institute's Internet Storm Center reports that hackers are actively exploiting a critical vulnerability in Adobe Reader with both targeted and large-scale attacks, according to Computerworld.
ISC says it has seen samples of a new rigged PDF document that hijacks PCs using a bug Adobe acknowledged in December. Joshua Talbot, security intelligence manager at Symantec, confirms that the bug is being exploited:
We're definitely seeing activity out there, since the vulnerability is unpatched ... That puts it in the class of being actively exploited. ... Attackers are crafting one-off exploits for their own purposes, and that there are people who are trying to distribute exploits to as many people as possible.
Adobe is scheduled to patch the bug Jan. 12.