Adobe has admitted that it has a 'zero-day' vulnerability in Adobe Reader 9 and Acrobat 9 that could be used by cybercriminals to gain access to people's computers.

Using malformed PDFs is a hugely common method for hackers to force open a backdoor into PCs, but it had been believed that running updated versions of Acrobat would stop the problem.

However, Adobe has confirmed that there is a serious problem with its latest PDF readers as well as its predecessors, but will not be issuing a patch until 11 March.

Updates

"Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by 11 March, 2009," said Adobe's release.

"Updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7 updates to follow.

"In the meantime, Adobe is in contact with anti-virus vendors, including McAfee and Symantec, on this issue in order to ensure the security of our mutual customers."

Backdoor

Sophos' Graham Cluely has blogged on the problem, explaining: "The risk is that hackers could deliberately construct a malformed PDF file that would trigger the vulnerability, allowing them to open a backdoor and run malicious code on your computer.

"This would mean that criminals could, for instance, spam out a PDF file that would infect your PC, or plant malicious PDF content on a website.

"As PDF files are so widely used on the internet, and regularly exchanged to share information, there is an obvious concern that hackers may be quick to take advantage of this vulnerability."