Over a month after security analyst Petko D. Petkov publicly revealed a zero-day security flaw affecting Adobe's Reader software on Windows XP, Adobe has finally plugged the hole. As Newsfactor reports, Adobe has released updated versions of its Acrobat and Reader applications with fixes. The new Adobe Reader is available here, while an update for Adobe Acrobat 8 is up over on this page.
Adobe owned up to the existence of the security hole, which could be exploited to allow attackers to take over a Windows system via nothing more than a maliciously crafted PDF file, just over two weeks ago. The company then published a workaround that involved editing the Windows registry to update program settings, and it said it would have patches out shortly.
Those patches may be out now, but hackers have already had time to develop malware that exploits the flaw on unpatched systems. NewsFactor says security firm iSight Partners uncovered spam e-mail with attached PDFs that taps the vulnerability to install rootkit files on victims' systems. The malware is installed in the Windows directory as 9129837.exe and new_drv.sys files, and it's reportedly designed to steal financial data from target PCs. Symantec also reports that a trojan known as Pidief.A has been disseminated using the PDF vulnerability. According to NewsFactor, users of Windows XP who also run Internet Explorer 7 are targeted.