

Adobe officials say they're investigating claims of a recent attack. A newly published report claims the latest versions of the widely used Reader document viewer are under attack by exploit code that targets a previously unknown vulnerability.

The particular exploit is available in underground forums for as much as $50,000. It's significant because it pierces a security sandbox that until now has proved impervious to other online attacks, KrebsonSecurity journalist Brian Krebs reported on Wednesday. The security mechanism is designed to minimize the damage of attacks that exploit buffer overflows and other types of software bugs by isolating Web content from sensitive parts of the underlying operating system.

The vulnerability affects both Reader X and its recently introduced successor, Reader XI. And it's already incorporated into a custom version of the Blackhole Exploit Kit according to Krebs. The reporter wrote the developer behind Blackhole said he is hoping to add the exploit to the main version of the kit soon. Criminal hackers fold Blackhole into already hacked websites to give them the ability to exploit a wide variety of vulnerabilities when end users visit the sites.

Krebs's report cited a researcher with Moscow-based forensics firm Group-IB.

In an e-mail to Ars, an Adobe spokeswoman wrote: "We saw the announcement from Group IB, but we haven't seen or received any details. Adobe [Product Security Incident Response Team] has reached out to Group-IB, but we have not yet heard back. Without additional details, there is nothing we can do, unfortunately—beyond continuing to monitor the threat landscape and working with our partners in the security community, as always."

Reader's security sandbox has gone a long way in reducing the real-world exploits hitting the document viewer. An exploit that's able to work around that protection and find its way into the widely used Blackhole could be a significant step backward.