RSS

Discover news, guides, and products for your business

Follow us on:
Security Alert
Security Alert
Practical security advice » More Security Alert » RSS » All Blogs
  • Recommend:
  • 0 Comments
  • Print
Business Center

Adobe Reader Zero Day Under Attack on Windows

By Tony Bradley, PCWorld

Adobe Reader is under attack again. Adobe has issued a security advisory with details of the latest critical flaw in the popular PDF-viewing utility.

There are reports that the zero day flaw is being actively exploited in the wild with targeted attacks against Adobe Reader 9.x for Windows. However, the flaw itself impacts a broader range of Adobe products, including Adobe Reader X (10.1.1) and earlier versions for Windows and Mac OS X, Adobe Reader 9.4.6 and earlier for Unix, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Mac OS X.

Adobe logoAdobe continues to be a weak link and popular target for malware attacks.According to Adobe, a successful exploit of the vulnerability could cause the target system to crash, or potentially allow the attacker to take control of the compromised PC.

Adobe is making it a priority to develop an out-of-band patch for Adobe Reader and Adobe Acrobat 9.x for Windows. The patch is expected no later than next week (the week of December 12).

An Adobe ASSET (Adobe Secure Software Engineering Team) blog post explains, “The reason for addressing this issue quickly for Adobe Reader and Acrobat 9.4.6 for Windows is simple: This is the version and platform currently being targeted. All real-world attack activity, both in this instance and historically, is limited to Adobe Reader on Windows.”

There is no imminent threat to the other flavors of Adobe Reader or Acrobat, so Adobe plans to issue patches for those as a part of the next scheduled quarterly update—which will occur January 10, 2012. There are no reports of any malicious PDFs targeting Mac OS X or Unix flavors of Adobe Reader or Acrobat, and Adobe Reader X and Acrobat X for Windows operate in a sandboxed protective mode that would prevent any exploit from executing.

As per usual, Adobe is a little light on specifics, and does not provide much guidance in terms of mitigating factors or workarounds to protect vulnerable systems pending the patch. Suffice it to say you should be extra careful about opening any PDF file that is unsolicited or seems in any way suspicious.

Was this article useful? Yes 0 No 0

Read more like this: ,

Tony Bradley

You can follow Tony on his Facebook page, his Google+ profile, or contact him by email at tony_bradley@pcworld.com. He also tweets as @TheTonyBradley.

Comments

  • Become an Android authority

    Play music or games, run productivity apps and essential utilities.

    Get the Superguide now!

Business News Daily

Get the latest technology news that's important to you and your business, fresh seven days a week.

Featured Webcasts
More webcasts »

Free Whitepapers

Software and Services Whitepapers from PCWorld

More whitepapers »

Whitepaper Alerts

Get updates on white papers, case studies, and spotlights on tech products and solutions for your business.