McAfee said it has found a vulnerability in Adobe Systems' Reader program that reveals when and where a PDF document is opened. The issue emerges when some users launch a link to another file path, which calls on a JavaScript application programming interface (API), while Reader alerts a user when they are going to call on a resource from another place.
The issue is not a serious problem and does not allow for remote code execution, but McAfee does consider it a security problem and has notified Adobe. It affects every version of Adobe Reader, including the latest version, 11.0.2.
"We have detected some PDF samples in the wild that are exploiting this issue. Our investigation shows that the samples were made and delivered by an 'email tracking service' provider. We don't know whether the issue has been abused for illegal or APT attacks," wrote McAfee's Haifei Li.
McAfee declined to reveal the details of the vulnerability as Adobe is yet to release a patch for it. The vendor said that it has already detected a number of groups and people exploiting it, potentially for malicious purposes.
"Malicious senders could exploit this vulnerability to collect sensitive information such as IP address, Internet service provider or even the victim's computing routine. In addition, our analysis suggests that more information could be collected by calling various PDF JavaScript APIs."
McAfee suggests that Adobe Reader users disable JavaScript until a patch is released.
