We use cookies to provide you with a better experience. If you continue to use this site, we'll assume you're happy with this. Alternatively, click here to find out how to manage these cookies

hide cookie message
80,259 News Articles

Adobe patches two actively exploited vulnerabilities in Reader and Acrobat

Adobe releases out-of-band patch for Adobe Reader and Acrobat 9.x in order to address actively exploited vulnerabilities

Adobe Systems has released Adobe Reader and Acrobat 9.4.7 in order to patch two vulnerabilities that are being actively exploited in attacks against companies from the defense industry.

One of the security flaws, identified as CVE-2011-2462, was announced on Dec. 6 after Lockheed Martin's Computer Incident Response Team (CIRT) and members of the Defense Security Information Exchange reported it to Adobe.

Symantec confirmed a few days later that the vulnerability had been exploited since the beginning of November in email-based attacks that targeted companies from the telecommunications, manufacturing, computer hardware, chemical and defense industries.

Since the original advisory was published last week, Adobe has learned of a second vulnerability that was also being exploited in the wild. The company assigned an identifier of CVE-2011-4369 to the new flaw, but it's not clear if it's related to the same attacks as the first one.

"The Adobe Reader and Acrobat team was able to provide a fix for this new issue as part of today's update. Note also that at this time, we are only aware of one instance of CVE-2011-4369 being used," said Wiebke Lips, Adobe's senior manager of corporate communications.

Even though the vulnerabilities also affect the Adobe Reader and Acrobat X (10.x) branch, Adobe decided to postpone updates for these versions until the next scheduled update cycle on Jan. 10.

"Because Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of the type currently targeting these vulnerabilities (CVE-2011-2462 and CVE-2011-4369) from executing, we are planning to address these issues in Adobe Reader and Acrobat X for Windows with the next quarterly security update," the company said in a security bulletin published today.

Updates for Adobe Reader 9.x for Unix will also be released on Jan. 10, because the attacks are not considered an immediate threat to Unix users. Users of the Windows 9.x versions are strongly encouraged to upgrade to Adobe Reader and Acrobat 9.4.7 in order to protect their computers.


IDG UK Sites

Best Black Friday 2014 tech deals: Get bargains on smartphones, tablets, laptops and more

IDG UK Sites

What the Internet of Things will look like in 2015: homes will get smarter, people might get fitter

IDG UK Sites

See how Trunk's animated ad helped Ade Edmondson plug The Car Buying Service

IDG UK Sites

Yosemite tips: Complete Guide to OS X Yosemite