A remote code execution vulnerability that existed in Adobe Acrobat and Adobe Reader, which the company patched up in 2010, is still being exploited by malware developers that rely on malicious PDF files to ensure the success of their campaigns.
Symantec products stopped many of these PDF attacks this month, the maximum number being recorded on February 16 with close to 3,500 hits.
The way in which the malware determines the current version of the PFD reader, by converting the version into an integer that can be compared to a certain threshold that represents the application’s variant, confuses malware analysts and antivirus scanners.
Symantec’s findings basically show that there are still a lot of users who fail to upgrade Adobe Reader and Acrobat, giving malware developers the opportunity to simply upgrade their products to ensure them a high rate of success.
Since Adobe products are usually highly targeted by malicious operations, it’s always recommended that customers update their applications whenever the vendor makes available a new version.