X

Adobe Acrobat vulnerability can compromise you with just a click

Pro tip: Never click on a PDF from an unknown source.

Laura Hautala Former Senior Writer
Laura wrote about e-commerce and Amazon, and she occasionally covered cool science topics. Previously, she broke down cybersecurity and privacy issues for CNET readers. Laura is based in Tacoma, Washington, and was into sourdough before the pandemic.
Expertise E-commerce, Amazon, earned wage access, online marketplaces, direct to consumer, unions, labor and employment, supply chain, cybersecurity, privacy, stalkerware, hacking. Credentials
  • 2022 Eddie Award for a single article in consumer technology
Lori Grunin Senior Editor / Advice
I've been reviewing hardware and software, devising testing methodology and handed out buying advice for what seems like forever; I'm currently absorbed by computers and gaming hardware, but previously spent many years concentrating on cameras. I've also volunteered with a cat rescue for over 15 years doing adoptions, designing marketing materials, managing volunteers and, of course, photographing cats.
Expertise Photography, PCs and laptops, gaming and gaming accessories
Laura Hautala
Lori Grunin

A flaw in the popular Acrobat DC document reader could let hackers into your computer, researchers from Cisco Talos revealed Tuesday. There's a fix out for the vulnerability already.

That's good, because just clicking on a malicious PDF would be enough to let hackers run nasty software on your computer. Adobe released the patch Tuesday, along with several other security updates

The researchers demonstrated that they could use a classic hacking technique called buffer overflow to exploit the flaw. This approach lets attackers overwrite a section of a software program and run their own code instead. So when you click on the malicious file, your computer will do whatever hackers tell it to do.

Two other flaws found by the researchers and patched by Adobe also had the potential to let hackers run their own code on your computer if you clicked on a PDF. These required more finesse for hackers to exploit but could've ended up causing the same kinds of damage.

Adobe didn't immediately respond to a request for comment. The batch of security updates is the second this month. Earlier in May, the company patched flaws in its Cloud and Flash applications.