Adobe has confirmed that it'll release an out-of-band patch next week for a critical vulnerability in its Reader and Acrobat products.
The company posted an advisory for the vulnerability, which it confirmed is currently being exploited in the wild in limited, targeted attacks against Adobe Reader 9.4.6 on Windows.
According to Brad Arkin, senior director, product security and privacy at Adobe Systems, an out-of-cycle security update for Adobe Reader and Acrobat 9.x for Windows should be released "no later than the week of 12 December".
He also confirmed that, because Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit targeting this vulnerability from executing, Adobe is planning to handle this issue in Adobe Reader and Acrobat X for Windows with the next quarterly security update on 10 January 2012. He also said that the danger to Mac and UNIX users was significantly lower, so an update for those platforms could also be released on 10 January.
He said: "The reason behind addressing this issue quickly for Adobe Reader and Acrobat 9.4.6 for Windows is discreet: That is the version and platform currently being targeted. All real-world attack activity, both on this instance and historically, is proscribed to Adobe Reader on Windows. We haven't received any reports to this point of malicious PDFs getting used to use Adobe Reader or Acrobat for Macintosh or UNIX for this CVE or the other CVE.
"Focusing this release on just Adobe Reader and Acrobat 9.x for Windows also allows us to ship the update much earlier. We're responsive to the imminent holidays and are working to get this patch out as soon as possible to permit time to deploy the update before users and staff start to take break day. Ultimately the verdict comes right down to what we will be able to do to best mitigate threats to our customers."
Arkin also confirmed that this is the first attack against Adobe Reader proper (rather than repurposed SWF exploits) since September 2010.