
Hackers exploit zero day vulnerability in Adobe Reader and Acrobat

On December 7, 2011, 9:30 AM EST

Adobe confirmed yesterday that its Adobe Reader software contains a zero-day vulnerability, crediting the security team at Lockheed Martin, which itself was a victim of an attack through the exploit, and members of the Defense Security Information Exchange for discovering and reporting the bug.

It appears defence contractors are being specifically targeted in this case. Adobe confirmed that the flaw is "being actively exploited in limited, targeted attacks," although no further details were provided.

The company issued a critical security advisory and confirmed the flaw affects multiple operating systems and various versions of its software, though using the latest release in Protected Mode or Protected View reportedly prevents the vulnerability from being exploited.

"This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system," Adobe said in its security advisory. The affected software and operating systems are:

• Reader X 10.1.1 and earlier 10.x versions for Windows and Apple OS X
• Reader 9.4.6 and earlier 9.x versions for Windows, Apple OS X and Unix
• Acrobat X 10.1.1 and earlier 10.x versions for Windows and Apple OS X
• Acrobat 9.4.6 and earlier 9.x versions for Windows and Apple OS X

Adobe was also keen to point out that its Reader for Android and Adobe Flash Player are not affected. The firm plans to update Windows versions of its 9.x software by no later than the week ending December 12. All other affected versions will receive a patch by January 10, 2012.

Those using Adobe's Reader X and Acrobat X versions are advised to either avoid opening unknown files or, if necessary, use Protected Mode or Protected View to access them until the patch is available in the New Year.

The company was recently in the news at the beginning of November after revealing its shock decision to terminate further development of Flash for mobile browsers. Instead, it will focus solely on HTML5 and other web technologies.


User Comments (7)

Cota
on December 7, 2011
10:01 AM

This is where interactive firewalls come in handy:

*Nod32 traffic window appears with an unknown incoming communication*

*Clicks Remember action, remember IP and Deny button*


Guest
on December 7, 2011
10:30 AM

I have never been crazy about Adobe in general but they really need to fix and make their products more secure. Why does a .PDF READER need to write stuff anyhow?


Eddo22
on December 7, 2011
10:33 AM

I ditched Adobe Reader years ago. Foxit is where .PDF reading is at.


tehbanz
on December 7, 2011
11:32 AM

Eddo22 said:

I ditched adobe reader years ago. Foxit is where .PDF reading is at.

seconded!


treetops
on December 7, 2011
1:09 PM

Hmm, I need to get rid of Adobe; it's been the focus of hackers off and on since its inception. Mine's been acting funny lately.


TJGeezer
on December 7, 2011
5:47 PM

tehbanz said:

Eddo22 said:

I ditched adobe reader years ago. Foxit is where .PDF reading is at.

seconded!

You're right. Foxit is fast, small and very capable. Plus it doesn't watermark PDFs when printing, unlike some Acrobat alternatives. And I've never seen it crash, unlike Acrobat.


Guest
on December 8, 2011
2:20 AM

Using alternatives does not mean you're completely clear of vulnerabilities, but that the vulnerabilities in that alternative product have not yet been publicly discovered.
