Adobe warns that a spam campaign abusing its name and falsely notifying users about security updates for Adobe Reader and Acrobat is currently making the rounds. The rogue emails cite a real vulnerability and encourage users to download malware disguised as a security update.
In recent years, widely used Adobe products, like Reader or Flash Player, have been a constant source of high-risk remote code execution vulnerabilities, many of which surfaced as zero-days and were actively exploited in the wild before seeing a patch. Such incidents have attracted so much media attention and public interest that it's understandable why cybercriminals would want to profit from them.
This latest email-based malware distribution campaign warns users about a vulnerability identified as CVE-2010-0193 in MITRE's Common Vulnerabilities and Exposures (CVE) database. The bug was publicly disclosed and addressed by Adobe on April 13 as part of its quarterly update cycle.