Security researcher Petko D. Petkov has discovered a new zero-day PDF vulnerability that can lead to the complete compromise of a Windows machine.
The flaw can be triggered by simply opening an infected PDF document with Adobe's Acrobat Reader. Of note is that other viewers besides Adobe's Acrobat Reader might be vulnerable as well.
Given that this latest meta media file flaw with PDF documents is so critical, given also that PDFs are used throughout the business world, and given the fact that he expects Adobe will take a while to fix its closed-source product, Petkov said he's refraining from publishing any POC (proof-of-concept) code.
"You have to take my word for it. The POCs will be released when an update is available," he said.
Some folks are understandably miffed by the lack of POC code. However, Petkov's credibility is shored up by five PDF-related "low threat" POCs that he put out earlier in January.
Adobe has since issued a statement saying that it's aware of Petkov's post and is in communication with him as it researches for a fix.
Adobe will post any updates on its Security Bulletins and Advisories page.
Are there preventive measure in the meantime? Petkov recommends staying away from all PDF files. Now, just how practical is it for you to have zero contact with PDF files?
Paul Mah is a writer and blogger who lives in Singapore, where he has worked for a number of years in various capacities within the IT industry. Paul enjoys tinkering with tech gadgets, smartphones, and networking devices.