A new vulnerability has been discovered in Adobe Reader by security firm McAfee. The vulnerability makes it possible for people to see how a PDF file has been used. This un-patched security issue exists in every version of Adobe Reader, according to Haifei Li of McAfee. The latest sandboxed Adobe Reader XI, version 11.0.2, also has this vulnerability. It doesn’t allow code execution, meaning that this flaw isn’t a problem that should set off alarm bells, but it could pose a certain kind of threat.
The vulnerability only allows a sender to see where and when a PDF file has been opened. It is not entirely harmless though. This security flaw could be used by hackers to gain sensitive information such as ISP details and IP addresses McAfee hasn’t been able to pinpoint who is exploiting this Adobe Reader flaw as yet, but believes that an “email tracking service” provider is involved. Adobe hasn’t commented on this issue as yet, though McAfee says that they have reported this security flaw to Adobe, who haven’t confirmed to them whether they’ll be releasing a patch in the near future.