Adobe will patch a security flaw on January 12th, 2010. Until then, hackers are using this flaw to launch attacks and hijack computers:

“… The SANS Institute’s Internet Storm Center (ISC) reported Monday that they’d received samples of a new rigged PDF document that hijacked PCs using a bug Adobe acknowledged Dec. 14. Later last month, Adobe said it would not patch the bug until Jan. 12. In his write-up of the sample, ISC analyst Bojan Zdrnja called the attack PDF “sophisticated” and its use of egg-hunt shellcode “sneaky.””

link: Large-scale attacks exploit unpatched PDF bug

Set a reminder for yourself to patch on January 12th. Until then, please be careful with PDF files. There is also the alternative of disabling JavaScript until this vulnerability is patched.

Catherine Forsythe