Thursday, February 14, 2013

Adobe Confirms 0-Days in PDF Reader & Acrobat, Says Patch in the Works

Adobe AcrobatAdobe has confirmed the existence of two critical vulnerabilities (CVE-2013-0640, CVE-2013-0641) in Adobe Reader and Acrobat that are actively being exploited in targeted attacks.

FireEye researchers first spotted the exploit earlier this week, and revealed attacks involved a malicious PDF disguised as an international travel visa application that would drop 2 DLLs onto the target system upon successful execution.

Although these attacks appear to target Windows users, Adobe’s security advisory notes that the vulnerabilities affect Adobe Reader & Acrobat for other operating systems:

  • Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh

  • Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh

  • Adobe Reader 9.5.3 and earlier 9.x versions for Windows, Macintosh and Linux

  • Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh

  • Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh

  • Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh


Protect Yourself


Adobe is currently working on a patch to fix the security holes, and advises users to enable Protected View in the meantime:

  • Menu -> Edit

  • Selecting Preferences

  • Clicking Security (Enhanced)

  • Pick “Files from potentially unsafe locations”


Adobe also advised enterprise administrators that they can protect Windows users across their organization by enabling Protected View in the registry and propagating that setting via GPO or any other method. (More information on that here.)

Aside from that, try not to open any suspicious PDF files sent from untrusted sources (for instance, an unsolicited email).

Don’t miss out on the latest tech news and computer security alerts! Follow us on Twitter at @hyphenet,  “Like” us on Facebook or add us to your circle on Google+

No comments:

Post a Comment