It’s good that Group-IB has publicly disclosed this vulnerability in Adobe, and hopefully Adobe will be able to get their hands on this exploit and patch it as soon as possible to safeguard customers.
Right now, this exploit isn’t a wide-spread threat to most consumers; however, it could be a concern to large organizations and government agencies that are susceptible to highly targeted attacks that frequently use exclusive 0 day exploits.
I would highly advise users that do not need the Adobe plug-ins to disable them and scrutinize all PDF documents from un-trusted sources, especially if you work with the government or businesses that have been targeted in APT-style attacks.
Once this exploit is available to the public, there is potential for it to be added to Black Hole and other exploit kits and it may even be improved from its current state for malicious intent to address multiple platforms.
Author: Marcus Carey, security researcher at Rapid7.
By subscribing to our early morning news update, you will receive a daily digest of the latest security news published on Help Net Security.
With over 500 issues so far, reading our newsletter every Monday morning will keep you up-to-date with security risks out there.