AfterDawn: News

Adobe warns of serious Acrobat, Reader vulnerability

Serious vulnerability being exploited in targeted attacks.

Adobe has issued a security advisory outlining a serious vulnerability that could allow an attack to take control of an affected system. The bug affects Adobe Reader X (10.1.1) and earlier on Windows and Mac, and Adobe Reader 9.4.6 and earlier 9.x versions for Linux.



It also affects Adobe Acrobat X (10.1.1) and earlier versions for the Windows and Mac operating systems. The company confirmed that the vulnerability is being actively exploited in the wild with attacks targeted against Adobe Reader 9 on Windows.

Adobe is urging users to stick to the X versions of both products, because Protected Mode in Reader X, and Protected View in Acrobat X, will prevent the exploit from executing through sandboxing techniques. Since the sandboxing works effectively against the exploit in the wild, Adobe will not address the issue until its next quarterly security updates, which are scheduled for January 10.

Adobe Reader for Android and Adobe Flash Player are not affected by this issue.

Written by: James Delahunty @ 8 Dec 2011 10:39

• Previous article

• Nokia to sell off Vertu luxury phone brand

• Next article

• Xbox Live terms update rules out lawsuits, limits liability

• 4 comments

• SomeBozo

  This isn't surprising, for me Adobe has a terrible track record on security. I worked at m1cr0s0ft when we stopped all new development and did only security fixes after nimda and slammer hit. In the process although ad0be wasn't an M$ product there were a number of security holes found in it, fine nothing prefect. Why i lost confidence was ad0be's reaction when the were informed of the security defects, they refused to listen and denied they existed not sure if they all still exist or not. That was back 2003/04, I wouldn't be surprised if they are only now fixing them?
  
  

  8.12.2011 10:55 #1

• LordRuss

  Originally posted by SomeBozo: ...I wouldn't be surprised if they are only now fixing them? That has always been my complaint with these high end software moguls... some kind of major flaw in the software, time to fix it, but how long has the problem been there causing other problems & are they going to take responsibility for the subsequent damage? Granted 'damage' is relative & can you really put a price on it, but it is a precedence.
  
  With the lack of concern to which this ultra rich corporations go at fixing/addressing these issues you'd think they were under the misguided delusion that the problem would go away on its own. Kind of like how a child hides under a blanket as though it were a Kevlar vest against the boogey man.
  

  http://onlyinrussellsworld.blogspot.com

  8.12.2011 11:44 #2

• ROMaster2

  Good thing I use Sumatra PDF!

  8.12.2011 17:40 #3

• SomeBozo

  Originally posted by ROMaster2: Good thing I use Sumatra PDF! I like Fox-It too, very nice.
  
  

  8.12.2011 17:44 #4