There is information that the problem is currently exploited in the wild

Aug 12, 2014 20:33 GMT

A new, out-of-band update has been released for Adobe Reader and Acrobat, fixing a security flaw that allows an attacker to bypass sandbox protection.

In a security bulletin issued on Tuesday, Adobe says that the vulnerability impacts only the Windows versions of the software; the OS X variants remain unaffected.

There isn’t much information about the problem, which has been assigned the Common Vulnerabilities and Exposures identifier CVE-2014-0546, but there is evidence that it is currently exploited in the wild, although in isolated attacks.

It appears that cybercriminals are leveraging the glitch to target Adobe Reader users. Updating to the latest version of the product is highly recommended.

Adobe acknowledges the work of Costin Raiu and Vitaly Kamluk of Kaspersky Lab for discovering the vulnerability. Raiu, Director of Global Research and Analysis Team at Kaspersky Lab, said that the patch “fixes a rather creative sandbox escape technique that we observed in a very limited number of targeted attacks.”

“Although these attacks are very rare, just to stay on the safe side we recommend everyone to get the update from the Adobe site as soon as possible,” he added in a blog post.

By default, the update is delivered automatically through the built-in mechanism, but the operation can also be carried out manually by choosing to check for a new version from the Help menu.

Adobe also updated Flash Player, the latest version addressing a suite of seven vulnerabilities.