Adobe Warns of Zero Day Attacks to Reader, Acrobat

Adobe on Tuesday confirmed the existence of an unpatched zero day vulnerability rated as "critical" in Adobe Reader X (10.1.1) and earlier versions for Windows and Macs, Adobe Reader 9.4.6 and earlier versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macs. In theory, the critical vulnerability could cause a crash and potentially allow an attacker to take control of the affected machine. And in practice?

"There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows," Adobe stated in a Security Advisory.

Unpatched security holes in Adobe software are nothing new, but what's disturbing about this one is the shout-out to Lockheed Martin CIRT and members of the Defense Security Information Exchange for reporting the issue. It's possible, or at least conceivable, that U.S. defense agencies may have come under attack, though there have been no related reports, so it's purely speculation at this point.

At the same time, the issue has Adobe concerned enough to work on an out-of-schedule patch to be rolled out no later than the week of December 12, 2011.

Yowza! Stay away from porn sites people! Lol

Lockheed did get hacked a while ago. Maybe again? Wouldn't surprise me.

Again!!!?? Also pretty surprising how many folk do not update Adobe Reader and Flash... A dang good article to share for reg folks to keep those 2 in check and updated.

Bah, what a surprise. Adobe software is full of holes and is constantly being exploited. Flash is what I would say 60% of the scareware anti-virus software (viruses) install through on people's machines. Good thing the defense agencies have private networks that are not connected to the internet for the really important stuff. They better have the patch available sooner than the week of the 12th even if those coders have to work overtime.

You said it... Though I don't know if Adobe is going to do much to fix holes before they have to announce they have a hole; I will say that my experience with Flash and Reader is entirely different, due to me not gaining as much malware and viruses that went through those programs. Guess I either got a good sense of what's good and what's bad, or a good security program.

Yeah, but if this was Lockheed that was attacked, I'm not at all surprised that they were using an obsolete version. My company rarely actually pushes software updates, and we don't have privileges to do it ourselves. We were forced to use IE6 up until 6 months or so ago.

timaeus:
We were forced to use IE6 up until 6 months or so ago

My condolences.

"My company rarely actually pushes software updates, and we don't have privileges to do it ourselves. We were forced to use IE6 up until 6 months or so ago."

The company I work for just got new PCs (had them downgraded from Windows 7 to Windows XP Professional... for what reason is still unknown); their Win updates are set for manual, yet nobody ever updates... would be very surprised if we didn't get hacked at some point in the future.
