Adobe has released an emergency patch to address the critical vulnerabilities in Reader and Acrobat currently exploited in the wild. Considering the seriousness of the issue, users are advised to update as soon as possible.The vulnerabilities, a memory corruption and a buffer overflow, affect Reader and Acrobat 11.0.01 and earlier, and 10.1.5 and earlier for Windows and Macintosh. Adobe Reader 9.5.3 and earlier 9.x versions for Windows, Linux and Macintosh are also impacted.
Security firm McAfee has published a report to detail the sandbox-escape technique used for the PDF exploit.
“The sandbox escape in this zero-day exploit is due to a heap-based overflow vulnerability that occurs when the broker process handles the call request of the native API GetClipboardFormatNameW,” McAfee experts explained.
Adobe Reader for Windows is available for download here
Adobe Reader for Mac is available for download here
Adobe Reader for Linux is available for download here
Adobe Acrobat for Windows is available for download here
Adobe Acrobat for Mac is available for download here