Adobe Warns of Zero Day Attacks to Reader, Acrobat

rated by 0 users
This post has 8 Replies | 2 Followers

Top 10 Contributor
Posts 24,884
Points 1,116,905
Joined: Sep 2007
ForumsAdministrator
News Posted: Wed, Dec 7 2011 9:31 AM

Adobe on Tuesday confirmed the existence of an unpatched zero day vulnerability rated as "critical" in Adobe Reader X (10.1.1) and earlier versions for Windows and Macs, Adobe Reader 9.4.6 and earlier versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macs. In theory, the critical vulnerability could cause a crash and potentially allow an attacker to take control of the affected machine. And in practice?

"There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows," Adobe stated in a Security Advisory.

Unpatched security holes in Adobe software are nothing new, but what's disturbing about this one is the shout out to Lockheed Martin CIRT and members of the Defense Security Information Exchange for reporting the issue. It's possible, or at least conceivable, that U.S. defense agencies may have come under attack, though there have been no related reports, so it's purely speculation at this point.

At the same time, the issue has Adobe concerned enough to work on an out-of-schedule patch to be rolled out no later than the week of December 12, 2011.

  • | Post Points: 95
Top 200 Contributor
Posts 331
Points 2,415
Joined: Sep 2011

Yowza! Stay away from porn sites people! Lol

  • | Post Points: 5
Top 150 Contributor
Posts 509
Points 3,965
Joined: Oct 2010
Location: HOLLAND!!!!
jonation replied on Wed, Dec 7 2011 10:13 AM

lockheed did get hacked a while ago. maybe again? wouldnt surprise me.

CPU: e6400 @ 3.2 (H-50'd)
MB: MSI p6n
RAM: 4G adata
GPU: GTS-450 and 8800GTS for Physx
HDD: WD 500G Black
PSU: 620W Corsair  Mod.
Case: 900-2 with 7 cathodes and AP-15s
OS: W7 and Ubuntu

  • | Post Points: 5
Top 50 Contributor
Posts 2,365
Points 30,865
Joined: Nov 2010
Location: Crystal Lake,IL
rrplay replied on Wed, Dec 7 2011 10:15 AM

Again !!! ?? I also p pretty surprising how many folk do not update Adobe reader and flash .. a dang good article to share for reg folks to keep those 2 in check and updated.

"Don't Panic ! 'cause HH got's your back!"

  • | Post Points: 5
Top 50 Contributor
Posts 2,864
Points 29,610
Joined: Mar 2011
Location: United States, Connecticut

Bah what a surprise. Adobe software is full of holes and is constantly being exploited. Flash is what I would say 60% of the scareware Anti-virus software (viruses) install through on peoples machines. Good thing the defense agencies have private networks that are not connected to the internet for the really important stuff. They better have the patch available sooner than the week of the 12th even if those coders have to work overtime.

  • | Post Points: 20
Not Ranked
Posts 84
Points 775
Joined: Nov 2009
timaeus replied on Wed, Dec 7 2011 10:47 AM

Yeah, but if this was Lockheed that was attacked, I'm not at all surprised that they were using an obsolete version. My company rarely actually pushes software updates, and we don't have privileges to do it ourselves. We were forced to use IE6 up until 6 months or so ago.

  • | Post Points: 20
Top 50 Contributor
Posts 3,236
Points 37,910
Joined: Mar 2010
AKwyn replied on Wed, Dec 7 2011 1:40 PM

You said it... Though I don't know if Adobe is going to do much to fix holes before they have to announce they have a hole; I will say that my experience with Flash and Reader are entirely different, due to me not gaining as much malware and viruses that went through those programs. Guess I either got a good sense of what's good and what's bad, or a good security program.

 

"The future starts with you; now start posting more!"

  • | Post Points: 5
Top 150 Contributor
Posts 509
Points 3,965
Joined: Oct 2010
Location: HOLLAND!!!!

timaeus:
We were forced to use IE6 up until 6 months or so ago

my condolences

CPU: e6400 @ 3.2 (H-50'd)
MB: MSI p6n
RAM: 4G adata
GPU: GTS-450 and 8800GTS for Physx
HDD: WD 500G Black
PSU: 620W Corsair  Mod.
Case: 900-2 with 7 cathodes and AP-15s
OS: W7 and Ubuntu

  • | Post Points: 5
Not Ranked
Posts 43
Points 530
Joined: Oct 2010
Location: Calgary, Alberta, Canada
BMAN replied on Wed, Dec 7 2011 8:07 PM

" My company rarely actually pushes software updates, and we don't have privileges to do it ourselves. We were forced to use IE6 up until 6 months or so ago. "

The company I work for just got new PC's (had them down-graded from Windows 7 to Windows XP Professional...for what reason is still unknown); their Win updates are set for manual,yet nobody ever updates...would be very surprised if we didn't get hacked at some point in the future.

system specs

Intel i5 3570***, ASUS Sabertooth Z77, Corsair AX850, 16GB Corsair Vengeance DDR3, Corsair Force 3 Series GT  SSD (120GB), WD VelociRaptor (300GB), water-cooled HIS Radeon HD7950, AZZA Genesis 9000, EKWB Supremacy CQ CPU block, XSPC RX360, EKWB-DCP 4.0 pump, Windows 7 H.P. - 64 bit

  • | Post Points: 5
Page 1 of 1 (9 items) | RSS