Adobe Reader is notorious for having security flaws and these flaws are always exploited eventually. By now, you might have lost count of the number of times exploits have been discovered for Adobe’s PDF reader. However, what is interesting this time is that this unknown security flaw has made its way to the black-market and is selling at a considerably high price. This is not a hacker group trying to get some adrenaline flowing from hacking Adobe Reader. This qualifies for organized crime, and Adobe has no clue of what it can do to curb this problem.
The research on this exploit has been carried out by Group-IB. Group-IB is based off Moscow, and is the country’s leading computer security-company. A spokesperson for Adobe, Wiebke Lips, says,
Adobe will reach out to Group-IB. But without additional details, there is nothing we can do, unfortunately— beyond continuing to monitor the threat landscape and working with our partners in the security community, as always.
Adobe was not contacted by Group-IB over this exploit and the exploit is rumored to sell in the black market at $50,000. This is a significant blow for Adobe, as it introduced a sandbox for Reader X. The sandbox was supposed to hold ground against unknown exploit. However, if this exploit really is working, the sandbox has obviously failed and has provided a false sense of security until now.
The exploit works on Microsoft Windows, and starts only after the user closes his web-browser or Reader application. For now, it would be safer to switch to an alternative to Adobe Reader.