Adobe on Tuesday confirmed the existence of an unpatched zero day vulnerability rated as "critical" in Adobe Reader X (10.1.1) and earlier versions for Windows and Macs, Adobe Reader 9.4.6 and earlier versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macs. In theory, the critical vulnerability could cause a crash and potentially allow an attacker to take control of the affected machine. And in practice?
"There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows," Adobe stated in a Security Advisory.
Unpatched security holes in Adobe software are nothing new, but what's disturbing about this one is the shout out to Lockheed Martin CIRT and members of the Defense Security Information Exchange for reporting the issue. It's possible, or at least conceivable, that U.S. defense agencies may have come under attack, though there have been no related reports, so it's purely speculation at this point.
At the same time, the issue has Adobe concerned enough to work on an out-of-schedule patch to be rolled out no later than the week of December 12, 2011.
|Early iPhone 6 Benchmark Results Show...||10|
|Microsoft To Announce $2.5B Minecraft...||6|
|Tables Turn: Samsung Disses Apple iPhone...||6|
|First Destiny Reviews Not Flattering, A...||6|
|Apple Store Buckles Under Load Of iPhone...||6|
|Apple Shares Fall Following iPhone 6...||6|
|Stephen Hawking Expresses Concern Over...||6|