We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,258 News Articles

Adobe patches two actively exploited vulnerabilities in Reader and Acrobat

Adobe releases out-of-band patch for Adobe Reader and Acrobat 9.x in order to address actively exploited vulnerabilities

Adobe Systems has released Adobe Reader and Acrobat 9.4.7 in order to patch two vulnerabilities that are being actively exploited in attacks against companies from the defense industry.

One of the security flaws, identified as CVE-2011-2462, was announced on Dec. 6 after Lockheed Martin's Computer Incident Response Team (CIRT) and members of the Defense Security Information Exchange reported it to Adobe.

Symantec confirmed a few days later that the vulnerability had been exploited since the beginning of November in email-based attacks that targeted companies from the telecommunications, manufacturing, computer hardware, chemical and defense industries.

Since the original advisory was published last week, Adobe has learned of a second vulnerability that was also being exploited in the wild. The company assigned an identifier of CVE-2011-4369 to the new flaw, but it's not clear if it's related to the same attacks as the first one.

"The Adobe Reader and Acrobat team was able to provide a fix for this new issue as part of today's update. Note also that at this time, we are only aware of one instance of CVE-2011-4369 being used," said Wiebke Lips, Adobe's senior manager of corporate communications.

Even though the vulnerabilities also affect the Adobe Reader and Acrobat X (10.x) branch, Adobe decided to postpone updates for these versions until the next scheduled update cycle on Jan. 10.

"Because Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of the type currently targeting these vulnerabilities (CVE-2011-2462 and CVE-2011-4369) from executing, we are planning to address these issues in Adobe Reader and Acrobat X for Windows with the next quarterly security update," the company said in a security bulletin published today.

Updates for Adobe Reader 9.x for Unix will also be released on Jan. 10, because the attacks are not considered an immediate threat to Unix users. Users of the Windows 9.x versions are strongly encouraged to upgrade to Adobe Reader and Acrobat 9.4.7 in order to protect their computers.


IDG UK Sites

Best Black Friday 2014 tech deals UK: Get bargains on phones, tablets, laptops and more this Black...

IDG UK Sites

Tomorrow's World today (or next year)

IDG UK Sites

25 iOS apps turn (Red) for World AIDS Day campaign

IDG UK Sites

Advanced tips for Mac OS X Yosemite: use Yosemite like an expert - 5 new tips added