Adobe on Tuesday confirmed the existence of an unpatched zero day vulnerability rated as "critical" in Adobe Reader X (10.1.1) and earlier versions for Windows and Macs, Adobe Reader 9.4.6 and earlier versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macs. In theory, the critical vulnerability could cause a crash and potentially allow an attacker to take control of the affected machine. And in practice?
"There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows," Adobe stated in a Security Advisory.
Unpatched security holes in Adobe software are nothing new, but what's disturbing about this one is the shout out to Lockheed Martin CIRT and members of the Defense Security Information Exchange for reporting the issue. It's possible, or at least conceivable, that U.S. defense agencies may have come under attack, though there have been no related reports, so it's purely speculation at this point.
At the same time, the issue has Adobe concerned enough to work on an out-of-schedule patch to be rolled out no later than the week of December 12, 2011.
Yowza! Stay away from porn sites people! Lol
lockheed did get hacked a while ago. maybe again? wouldnt surprise me.
CPU: e6400 @ 3.2 (H-50'd)MB: MSI p6nRAM: 4G adataGPU: GTS-450 and 8800GTS for PhysxHDD: WD 500G BlackPSU: 620W Corsair Mod.Case: 900-2 with 7 cathodes and AP-15sOS: W7 and Ubuntu
Again !!! ?? I also p pretty surprising how many folk do not update Adobe reader and flash .. a dang good article to share for reg folks to keep those 2 in check and updated.
"Don't Panic ! 'cause HH got's your back!"
Bah what a surprise. Adobe software is full of holes and is constantly being exploited. Flash is what I would say 60% of the scareware Anti-virus software (viruses) install through on peoples machines. Good thing the defense agencies have private networks that are not connected to the internet for the really important stuff. They better have the patch available sooner than the week of the 12th even if those coders have to work overtime.
Yeah, but if this was Lockheed that was attacked, I'm not at all surprised that they were using an obsolete version. My company rarely actually pushes software updates, and we don't have privileges to do it ourselves. We were forced to use IE6 up until 6 months or so ago.
You said it... Though I don't know if Adobe is going to do much to fix holes before they have to announce they have a hole; I will say that my experience with Flash and Reader are entirely different, due to me not gaining as much malware and viruses that went through those programs. Guess I either got a good sense of what's good and what's bad, or a good security program.
"The future starts with you; now start posting more!"
timaeus:We were forced to use IE6 up until 6 months or so ago
" My company rarely actually pushes software updates, and we don't have privileges to do it ourselves. We were forced to use IE6 up until 6 months or so ago. "
The company I work for just got new PC's (had them down-graded from Windows 7 to Windows XP Professional...for what reason is still unknown); their Win updates are set for manual,yet nobody ever updates...would be very surprised if we didn't get hacked at some point in the future.
Intel i5 3570***, ASUS Sabertooth Z77, Corsair AX850, 16GB Corsair Vengeance DDR3,
Corsair Force 3 Series GT SSD (120GB), WD VelociRaptor (300GB), water-cooled HIS Radeon
HD7950, AZZA Genesis 9000, EKWB Supremacy CQ CPU block, XSPC RX360, EKWB-DCP 4.0 pump,
Windows 7 H.P. - 64 bit
NEWS TIPS |
This site is intended for informational and entertainment purposes only. The contents are the views and opinion of the author and/or hisassociates. All products and trademarks are the property of their respective owners. All content and graphical elements areCopyright © 1999 - 2014 David Altavilla and HotHardware.com, LLC. All rights reserved. Privacy and Terms