Adobe Reader flaw more dangerous than thought

A recently discovered vulnerability in Adobe's Acrobat Reader is more dangerous than first thought, security experts have warned. Detected earlier this week, the flaw in the Adobe web browser plug-in allows malicious users to construct the address of any site that hosts an Adobe PDF file and use it in hacking attacks. An attacker could construct seemingly trusted links and add malicious JavaScript code that will run once the link is clicked, experts said.

However, researchers now say that cybercriminals could exploit the vulnerability to steal information directly from the user's hard drive.

"This means any JavaScript can access the user's local machine," Billy Hoffman, lead engineer at SPI Dynamics, said in a statement. "Depending on the browser, this means the JavaScript can read the user's files, delete them, execute programs, send the contents to the attacker, etc. This is much worse than an attack in the remote zone."

According to Adobe, this vulnerability does not affect Acrobat 8 or Adobe Reader 8. The PDF giant vowed to release patches next week for previous versions.