Adobe Warns of Critical Threat to Reader, Acrobat Users
Adobe Systems Inc. late Thursday issued an alert saying that hackers are exploiting a newly discovered vulnerability in its free PDF Reader and Acrobat products to break into Microsoft Windows systems.
Adobe said it plans to release a patch to fix this vulnerability next Tuesday, in keeping with its recent shift to push out security updates in tandem with Microsoft's regular monthly patch cycle, which occurs on the second Tuesday of each month (a.k.a. "Patch Tuesday").
According to the Adobe advisory, the company is planning to release an update for Adobe Reader 9.1.3 and Acrobat 9.1.3, Adobe Reader 8.1.6 and Acrobat 8.1.6 for Windows, Macintosh and UNIX, and Adobe Reader 7.1.3 and Acrobat 7.1.3 for Windows and Macintosh to resolve critical security issues.
"Among other issues, this update will resolve a critical vulnerability in Adobe Reader and Acrobat 9.1.3 and earlier (CVE-2009-3459) on Windows, Macintosh and UNIX," Adobe said in its advisory. "There are reports that this issue is being exploited in the wild in limited targeted attacks; the exploit targets Adobe Reader and Acrobat 9.1.3 on Windows. Adobe Reader and Acrobat 9.1.3 customers with DEP [Data Execution Prevention] enabled on Windows Vista are protected from this exploit."
News like this is often jarring and scary, but in all likelihood the attacks that Adobe is referencing are targeted at a specific group of organizations or governments. Alex Lanstein, a senior security researcher at Milpitas, Calif.-based security firm FireEye, notes that what's unusual about this vulnerability is that while Adobe is referencing reports of the vulnerability being exploited in the wild, there don't appear to be instructions or exploit code for this flaw publicly available at the moment.
Barring any notable developments in the meantime, I'll have more information about this next Tuesday, when Microsoft issues what promises to be a record-breaking number of security updates. According to a heads-up on its Security Response Center blog, Microsoft plans to release 13 patch bundles (eight critical and five important) that address at least 34 vulnerabilities, affecting Windows, Internet Explorer, Office, Silverlight, Forefront, Developer Tools, and SQL Server.
October 9, 2009; 1:00 PM ET