Adobe Acrobat vulnerability can compromise you with just a click
Pro tip: Never click on a PDF from an unknown source.
A flaw in the popular Acrobat DC document reader could let hackers into your computer, researchers from Cisco Talos revealed Tuesday. There's a fix out for the vulnerability already.
That's good, because just clicking on a malicious PDF would be enough to let hackers run nasty software on your computer. Adobe released the patch Tuesday, along with several other security updates.
The researchers demonstrated that they could use a classic hacking technique called buffer overflow to exploit the flaw. This approach lets attackers overwrite a section of a software program and run their own code instead. So when you click on the malicious file, your computer will do whatever hackers tell it to do.
Two other flaws found by the researchers and patched by Adobe also had the potential to let hackers run their own code on your computer if you clicked on a PDF. These required more finesse for hackers to exploit but could've ended up causing the same kinds of damage.
Adobe didn't immediately respond to a request for comment. The batch of security updates is the second this month. Earlier in May, the company patched flaws in its Cloud and Flash applications.