Lockheed Martin warns of critical cyber vulnerability

Defence contractor Lockheed Martin has warned of a new vulnerability in Adobe's Reader and Acrobat programmes, which could mean it has suffered a cyber attack that exploited this flaw.

Adobe advised users of the zero-day (which is cyber security speak for 'not previously known') vulnerability this week in a message on its site.

It explained that the issue could affect even the latest patched version of both programmes, and described how it would affect users.

"This vulnerability could cause a crash and potentially allow an attacker to take control of the affected system.

"There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows."

The company said it hoped to release a patch to fix the problem in the week commencing 12 December 2011.

At the end of its message, Adobe concluded by thanking Lockheed Martin for providing the information.

"Adobe would like to thank Lockheed Martin and members of the Defense Security Information Exchange for reporting this issue and for working with Adobe to help protect our customers."

Given that the vulnerability had not previously been discovered, it is likely the defence contractor found it through being the victim of an attack that used the flaw as a way into its network.

Lockheed Martin, which opened its new UK Cyber Security Intelligence Centre earlier this month, was the subject of a different cyber attack, which it described as 'significant and tenacious' in May this year.

This earlier attack is thought to have been enabled via the security breach at secure token specialist RSA, whose products Lockheed Martin was using to secure its identity and access management processes at the time.

Similarly, the RSA hack, which parent company EMC later admitted cost it £40m, also exploited a zero-day Adobe vulnerability, this time in its Flash programme.

Lockheed Martin was unavailable for comment at the time of writing.