Adobe Patches Critical Vulnerabilities in Reader and Acrobat

Adobe has released special out-of-cycle security updates to patch critical vulnerabilities in Adobe Reader and Acrobat X (10.0.2) and earlier 10.x and 9.x versions for Windows and Mac. The vulnerabilities, referenced in a security advisory issued on 11 April, could cause a crash and potentially allow an attacker to take control of the affected system. The announcement was Adobe's second in four weeks concerning a zero-day vulnerability.

Vulnerabilities in Reader and Acrobat

Adobe says there are reports that one of the vulnerabilities, CVE-2011-0611, is being actively exploited in the wild against Adobe Flash Player and against Adobe Reader and Acrobat, as well as via a Flash (.swf) file embedded in a Microsoft Word (.doc) or Microsoft Excel (.xls) file delivered as an e-mail attachment.

Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing, the company says.

Updating Recommendation

Adobe recommends that users of Adobe Reader X (10.0.2) for Mac update to Adobe Reader X (10.0.3). For users of Adobe Reader 9.4.3 for Windows and Mac, Adobe has made available the update Adobe Reader 9.4.4.

"Because Adobe Reader X Protected Mode would prevent exploits of the type targeting CVE-2011-0611 from executing, we are currently planning to address these issues in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for 14 June 2011," said Adobe.
