Criminals have gained access to a newly discovered flaw in Adobe’s Reader X program that can beat its sandboxing security isolation technology, Russian security firm Group-IB has claimed.
According to brief details posted on the company’s site, the zero-day vulnerability is now circulating in new versions of the notorious Blackhole Exploit Kit, the most significant distribution system for a host of malware types, including bank Trojans such as SypeEye and Zeus.
The fact that even patched versions of Reader X will be vulnerable to the flaw explains the reported price paid for knowledge of its workings, said to $30,000 to $50,000.