James Delahunty
8 Dec 2011 10:39
Serious vulnerability being exploited in targeted attacks.
Adobe has issued a security advisory outlining a serious vulnerability that could allow an attack to take control of an affected system. The bug affects Adobe Reader X (10.1.1) and earlier on Windows and Mac, and Adobe Reader 9.4.6 and earlier 9.x versions for Linux.
It also affects Adobe Acrobat X (10.1.1) and earlier versions for the Windows and Mac operating systems. The company confirmed that the vulnerability is being actively exploited in the wild with attacks targeted against Adobe Reader 9 on Windows.
Adobe is urging users to stick to the X versions of both products, because Protected Mode in Reader X, and Protected View in Acrobat X, will prevent the exploit from executing through sandboxing techniques. Since the sandboxing works effectively against the exploit in the wild, Adobe will not address the issue until its next quarterly security updates, which are scheduled for January 10.
Adobe Reader for Android and Adobe Flash Player are not affected by this issue.