14 DAY TRIAL // Adobe has released new versions of Adobe Reader and Acrobat in order to address two vulnerabilities, one of which has been actively exploited in the wild since two weeks ago.
Identified as CVE-2011-0611, the flaw affects the authplay.dll Flash Player component bundled with Adobe Reader and Acrobat.
The vulnerability was first discovered as part of targeted email attacks that distributed rogue Word documents rigged with the Flash exploit.
The flaw was patched in Flash Player 10.2.159.1 last Friday, at which time the company announced the week of April 25 as the expected release interval for the Adobe Reader and Acrobat updates.
However, it seems the software developer has decided to accelerate the schedule, probably as a result of more varied attacks that exploit this vulnerability.
"CVE-2011-0611, is being actively exploited in the wild against both Adobe Flash Player, and Adobe Reader and Acrobat, as well as via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an email attachment targeting the Windows platform," the company writes in its security bulletin.
A few days ago, security firm Armorize reported about a drive-by download attack launched from the infected website of a UK human rights group, that exploited this Flash vulnerability.
Adobe released Adobe Reader 9.4.4 for Windows and Mac, Adobe Reader X (10.0.3) for Mac, Adobe Acrobat 9.4.4 and Adobe Acrobat X (10.0.3) for Windows and Mac.
Adobe Reader X (10.0.2) for Windows remains vulnerable, but its sandbox (Protected Mode) blocks any exploits from executing arbitrary code on the system. Because of this, the product will follow the normal update cycle and will be patched on June 14, 2011.
The second vulnerability addressed by these updates, CVE-2011-0610, is located in the CoolType library, but no attacks are known to exploit it. The Polish CERT and Paul Baccas of Sophos are credited with reporting it.
The latest versions of Adobe Reader for Windows can be downloaded from here.
The latest versions of Adobe Reader for Mac can be downloaded fom here.