Miscreants have reportedly discovered a zero-day vulnerability in latest version of Adobe Reader.
Exploits based on the vulnerability, which circumvents sandbox protection technology incorporated into Adobe X and Adobe XI, are on sale in underground forums. Pricing starts at a hefty $30,000 but the exploit has already made its way into custom versions of the Blackhole Exploit Kit, a popular tool for the distribution of banking trojans such as ZeuS using drive-by download attacks.
The illicit trade was discovered by Moscow-based forensics firm Group-IB, which has produced a video illustrating the basic concepts (but not details) of the attack, which early analysis suggests only works against Windows installations of Adobe Reader. (Read More)