Adobe patches Reader again as exploits reappear

Adobe has dashed off a patch for its reader software just as hackers start exploiting a security hole in the ubiquitous PDF viewer.

Adobe put its hands up to a Flash Player flaw last week after an independent researcher found exploits in embedded Flash files within Microsoft Word and Excel files attached to emails.

It was the second time in four weeks that Adobe had found a “zero-day” flaw in its software.

The hole was in Reader and Acrobat which includes code that renders Flash content inserted into PDF files.

When the last patch was issued, on April 15, Adobe said it would fix Reader and Acrobat around April 25.

In fact it managed this three days early.

The flaw was found by Mila Parkour, who said that poisoned PDFs carry filenames that tout information about China, Russia, the Obama administration and the Middle East.

They appear to be attached to messages from editors at the New York Times. They were sent from servers in Utah and China.

The hole does not effect Adobe Reader on Android.