Microsoft Windows was the biggest target for malware for many years, but that seems to be changing. Now that Windows 7 is a little better about security, it is no longer the low-hanging fruit that the malware writers target.  Adobe is now in their sights.

A zero day (unpatched, i.e. no protection) vulnerability for Adobe Reader was found more than a week ago, and now news comes out the Adobe Flash Player also has a zero day vulnerability.

And there are infected PDFs out there in circulation, that will infect Windows on your computer if you open them.  And anti-virus will not protect you, and there is no patch from Adobe for this.

Solution? For now, use Foxit Reader on Windows or Preview (built-in) on Mac OS X. And use NoScript or a Flash blocker on Firefox to block Flash animations that could be used to infect your computer.

And if you use Adobe Reader in the future, at least turn off JavaScript in it.  A really, really, really bad idea for Adobe to let your PDF run JavaScript code.  What were they thinking?  I guess they were following Microsoft's example with ActiveX in Internet Explorer that's been responsible for so much suffering for Windows users over the years.

Oh, and this affects Android, too, because it uses Adobe Flash Player.  So maybe Apple's Steve Jobs isn't crazy to avoid Flash Player like the plague after all - it isn't allowed on the iPhone, iPod Touch or iPad. Sounds good to me ;-)

So now we are seeing vulnerabilities on our mobile devices in the mainstream.  Not good.

Links:

Flash Player Zero-Day Could Affect Android Too

Adobe gets more zero day exploit mayhem