Adobe Reader Zero Day Under Attack on Windows

Adobe reports that a zero-day flaw is being exploited in the wild in targeted attacks against some versions of Adobe Reader for Windows.

Adobe Reader is under attack again. Adobe has issued a security advisory with details of the latest critical flaw in the popular PDF-viewing utility.

There are reports that the zero day flaw is being actively exploited in the wild with targeted attacks against Adobe Reader 9.x for Windows. However, the flaw itself impacts a broader range of Adobe products, including Adobe Reader X (10.1.1) and earlier versions for Windows and Mac OS X, Adobe Reader 9.4.6 and earlier for Unix, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Mac OS X.

According to Adobe, a successful exploit of the vulnerability could cause the target system to crash, or potentially allow the attacker to take control of the compromised PC.

Adobe is making it a priority to develop an out-of-band patch for Adobe Reader and Adobe Acrobat 9.x for Windows. The patch is expected no later than next week (the week of December 12).

An Adobe ASSET (Adobe Secure Software Engineering Team) blog post explains, "The reason for addressing this issue quickly for Adobe Reader and Acrobat 9.4.6 for Windows is simple: This is the version and platform currently being targeted. All real-world attack activity, both in this instance and historically, is limited to Adobe Reader on Windows."

There is no imminent threat to the other flavors of Adobe Reader or Acrobat, so Adobe plans to issue patches for those as a part of the next scheduled quarterly update--which will occur January 10, 2012. There are no reports of any malicious PDFs targeting Mac OS X or Unix flavors of Adobe Reader or Acrobat, and Adobe Reader X and Acrobat X for Windows operate in a sandboxed protective mode that would prevent any exploit from executing.

As per usual, Adobe is a little light on specifics, and does not provide much guidance in terms of mitigating factors or workarounds to protect vulnerable systems pending the patch. Suffice it to say you should be extra careful about opening any PDF file that is unsolicited or seems in any way suspicious.
