Adobe warns of zero-day hole in Reader, Acrobat

Critical vulnerability could allow an attacker to take control of a computer, company says, and no patch is available yet.

Elinor Mills Former Staff Writer

Elinor Mills covers Internet security and privacy. She joined CNET News in 2005 after working as a foreign correspondent for Reuters in Portugal and writing for The Industry Standard, the IDG News Service and the Associated Press.

See full bio

Elinor Mills

Sept. 8, 2010 10:34 a.m. PT

Adobe on Wednesday warned of a zero-day hole in Reader and Acrobat that is reportedly being exploited in the wild.

The critical vulnerability is in Adobe Reader 9.3.4 and earlier versions for Windows, Macintosh, and UNIX, and Adobe Acrobat 9.3.4 and earlier versions for Windows and Macintosh, according to the security advisory. The hole could allow an attacker to take control of an affected computer and potentially affects millions of computers using the Adobe software, which is the most popular PDF (portable document format) viewer.

The company said it is evaluating the schedule for releasing a security update to resolve the issue.

"Unfortunately, there are no mitigations we can offer," the advisory said. "However, Adobe is actively sharing information about this vulnerability (and vulnerabilities in general) with partners in the security community to enable them to quickly develop detection and quarantine methods to protect users until a patch is available."

Adobe learned of the issue on Tuesday, according to a company statement.