Friday, 9 December 2011

Adobe security update being issued for zero-day in Reader, Acrobat for Windows

Hillary O'Rourke, Contributor

Adobe Systems has released a security advisory warning of a critical zero-day vulnerability in Adobe Reader and Acrobat for Windows. In the advisory, the company says the flaw is being actively exploited.

The cause of addressing this issue quickly for Adobe Reader and Acrobat 9.4.6 for Windows is discreet: That is the version and platform currently being targeted.

Brad Arkin, Adobe

The vulnerability affects Adobe Reader X 10.1.1 and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, and Adobe Acrobat X 10.1.1 and earlier versions for Windows and Macintosh.

The critical vulnerability, CVE-2011-2462, is a memory corruption issue in U3D, a technology that allows Reader and Acrobat to work with 3D objects. An attacker could create a malicious PDF containing a 3D object to cause a crash and potentially take control of the affected system.
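Because the flaw is reached through 3D content, a mail gateway or triage queue can flag PDFs that carry a 3D object at all until the update is installed. The following sketch is an added example, not code from Adobe or from the original article; it reports the presence of 3D content only, it does not identify an exploit. The function names and sample byte strings are constructed for illustration.

```python
import re

# PDF names may hex-escape any character as #XX (for example /#55#33#44 is /U3D),
# so every name token is normalised before it is compared.
_NAME = re.compile(rb"/[^\s/<>\[\](){}%]+")
_HEX = re.compile(rb"#([0-9A-Fa-f]{2})")

# Names the PDF specification uses for 3D annotations and U3D streams.
MARKERS_3D = {b"/3D", b"/3DD", b"/U3D"}


def pdf_names(data: bytes) -> set:
    """Return every name token found in the raw bytes, with #XX escapes decoded."""
    names = set()
    for m in _NAME.finditer(data):
        token = _HEX.sub(lambda h: bytes([int(h.group(1), 16)]), m.group(0))
        names.add(token)
    return names


def triage_3d(data: bytes) -> dict:
    """Flag a PDF that declares 3D content, based on a raw scan of the file."""
    names = pdf_names(data)
    found = sorted(n.decode("latin-1") for n in names & MARKERS_3D)
    return {
        "has_3d": bool(found),
        "markers": found,
        # Compressed object streams hide their names from a raw scan, so a
        # clean result on a file that uses them is not proof of absence.
        "inconclusive": b"/ObjStm" in names and not found,
    }


# Constructed sample fragments (not real documents).
SAMPLE_PLAIN = (b"%PDF-1.6\n1 0 obj\n<< /Type /Annot /Subtype /3D /3DD 2 0 R >>\n"
                b"endobj\n2 0 obj\n<< /Type /3D /Subtype /U3D /Length 0 >>\n")
SAMPLE_ESCAPED = b"<< /Type /Annot /Subtype /#33D /#33#44D 2 0 R >>"
SAMPLE_NO_3D = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog /Pages 2 0 R >>\nendobj\n"
SAMPLE_OBJSTM = b"%PDF-1.5\n5 0 obj\n<< /Type /ObjStm /N 3 /Filter /FlateDecode >>\n"

if __name__ == "__main__":
    for label, blob in [("plain", SAMPLE_PLAIN), ("escaped", SAMPLE_ESCAPED),
                        ("no 3D", SAMPLE_NO_3D), ("objstm", SAMPLE_OBJSTM)]:
        print(label, triage_3d(blob))
```

A raw byte scan can also match by chance inside binary stream data, so a hit is a reason to quarantine and inspect the file with a full PDF parser, not a verdict.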

“There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows,” Adobe said in its Product Security Incident Response Team (PSIRT) blog post.

Product engineers are preparing a fix and plan to issue an out-of-cycle Adobe security update for Adobe Reader and Acrobat for Windows no later than the week of December 12, said Brad Arkin, director of product security and privacy at Adobe. Adobe Reader X Protected Mode and Adobe Acrobat X Protected View won't see an update until the next quarterly Adobe security update, slated for January 10, 2012, Arkin wrote in a blog post providing details about the flaw.

“The cause of addressing this issue quickly for Adobe Reader and Acrobat 9.4.6 for Windows is unassuming: Here's the version and platform currently being targeted,” wrote Arkin. “We haven't received any reports to this point of malicious PDFs getting used to milk Adobe Reader or Acrobat for Macintosh or UNIX for this CVE (or another CVE).”

This is the first zero-day vulnerability found in Adobe Reader and Acrobat code, as opposed to Flash Player, since September 2010. Adobe Reader for Android and Adobe Flash Player are not affected by the issue.

