The vulnerability, if exploited, would allow malicious users to track the movements of a PDF file. The flaw was discovered by McAfee’s advanced exploit detection system (AEDS) on Friday and according to the company some groups have already started exploiting the vulnerability for the purpose of email tracking. The security company hasn’t provided details about the internals of the vulnerability as Adobe is yet to patch the flaw.
McAfee’s Haifei Li wrote, “Although the issue is not a serious problem (such as allowing code execution), it does let people track the usage of a PDF.”
“We have detected some PDF samples in the wild that are exploiting this issue. Our investigation shows that the samples were made and delivered by an ‘email tracking service’ provider. We don’t know whether the issue has been abused for illegal or APT attacks.”
Hackers may obtain sensitive information such as users IP address, ISP details and even a user’s computing routine by exploiting the vulnerability notes Li.