McAfee researchers have warned of an unpatched vulnerability in every version of Adobe Reader that reveals where and when a PDF document is opened.
Although the vulnerability does not allow remote code execution, the researchers found that the vulnerability is being exploited in the wild, according to a blog post by McAfee’s Haifei Li.
“Our investigation shows that the samples were made and delivered by an 'email tracking service' provider,” he wrote. Haifei Li said it is unknown if the vulnerability has been exploited for illegal purposes or carrying out cyber attacks.
While researchers do not consider it a serious problem, they said the issue is a security vulnerability and have reported it to Adobe.
Li said McAfee would also not reveal key details of the vulnerability to protect Adobe Reader users until a patch is available.
Read more about APTs
- Opinion: The APT1 aftermath and information sharing
- AT&T takes APTs seriously
- Conducting APT detection when Elirks, other backdoors hide traffic
- Spear phishing, manpower drive Chinese APTs, says researcher at RSA 2013
- APTs: Are they really a concern for all businesses?
- Half of UK networks vulnerable to APTs
- Surviving cyberwar: Preparing for APTs, Stuxnet malware-style attacks
“Malicious senders could exploit this vulnerability to collect sensitive information such as IP address, internet service provider, or even the victim’s computing routine,” he wrote, noting that collecting information about targets is often the first step in an advanced persistent attack (APT).
The case highlights the point that privacy protection is a part of security and demonstrates the need for constant exploration of methods of detection. Exploits of this vulnerability will not trigger memory corruption or code execution alerts.
“Some of the most advanced detection technologies in the industry failed to detect them,” wrote Li.