Softpedia
 


December 7th, 2011, 08:15 GMT · By Eduard Kovacs

Hackers Launch Attacks Using Zero-Day Flaw in Adobe Reader and Acrobat

Adobe has released a security advisory to inform customers about a flaw that affects Adobe Reader X (10.1.1) and earlier versions, and Adobe Acrobat X (10.1.1) and earlier versions. The flaw could allow an attacker to take over a computing device running Windows or Macintosh operating systems.

Adobe Reader 9.4.6 and earlier 9.x versions for UNIX and Windows are also susceptible to an attack.

“This U3D memory corruption vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being actively exploited in the wild in limited, targeted attacks against Adobe Reader 9.x on Windows,” reads the advisory.

The company promises a fix for Acrobat and Reader 9.x no later than the week of December 12. Adobe Acrobat X and Reader X will only receive a fix in the next quarterly security update, planned for January 10, 2012.

The X variants of the products will not be patched right now because the Protected Mode and Protected View features available in these versions prevent the exploit from executing.

Customers running Adobe Reader X or Acrobat X are advised to enable Protected Mode and Protected View in their products.

To do this in Acrobat X, go to Edit, Preferences, Security and make sure that either “Files from potentially unsafe locations” or “All files” is checked, together with “Enable Enhanced Security”. In Reader X, click Edit, Preferences, General and verify that “Enable Protected Mode at startup” is checked.

Those who utilize the 9.x versions are advised to deploy the updates as soon as they’re released by the vendor to ensure the safety of their devices.

Fortunately, Adobe Reader for Android and Adobe Flash Player are not affected by the issue in any way.
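
As an added example (not from Adobe or the original article), the version ranges and advice above can be applied to a software inventory to decide which machines need the 9.x update and which need their Protected Mode or Protected View settings verified. The CSV layout, host names and status labels are assumptions made for illustration.

```python
import csv, io

# Last affected release per major line, as stated in the article.
LAST_AFFECTED = {9: (9, 4, 6), 10: (10, 1, 1)}

# Constructed sample inventory (host, product, version, platform); not real data.
SAMPLE = """\
ws-001,reader,9.4.6,windows
ws-002,reader,10.1.1,windows
mac-01,acrobat,10.0.3,mac
ws-003,reader,9.4.7,windows
srv-01,reader,9.3,unix
ws-004,reader,8.3.1,windows
ws-005,acrobat,10.1.2,windows
"""

def parse_version(text):
    """'9.3' -> (9, 3, 0); raises ValueError on non-numeric input."""
    parts = [int(p) for p in text.strip().split(".")]
    return tuple((parts + [0, 0])[:3])

def triage(product, version, platform):
    """Return (status, action) for one install; status labels are hypothetical."""
    ver = parse_version(version)
    limit = LAST_AFFECTED.get(ver[0])
    if product not in ("reader", "acrobat") or limit is None:
        return "review", "outside the ranges the article names; check the advisory"
    if ver > limit:
        return "ok", "newer than the last affected release"
    if ver[0] == 9:
        # The advisory reports active exploitation of Reader 9.x on Windows.
        if product == "reader" and platform == "windows":
            return "urgent", "exploited in the wild; patch 9.x as soon as released"
        return "patch", "deploy the 9.x update as soon as released"
    if product == "reader":
        return "mitigate", "verify 'Enable Protected Mode at startup' is checked"
    return "mitigate", "verify Protected View / Enhanced Security is enabled"

def triage_inventory(text):
    """Map each host in a CSV inventory to its (status, action)."""
    rows = csv.reader(io.StringIO(text))
    return {host: triage(prod.lower(), ver, plat.lower())
            for host, prod, ver, plat in rows}

if __name__ == "__main__":
    for host, (status, action) in triage_inventory(SAMPLE).items():
        print(f"{host:8} {status:9} {action}")
```
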
