Adobe Reader / Acrobat Vulnerability

According to a security bulletin  from Adobe, there is a critical vulnerability in its Acrobat and Reader (formerly Acrobat Reader) software that, it appears, is being exploited in targeted attacks “in the wild”.  (By targeted attacks, I mean attempts to penetrate the security of specific persons or organizations, as opposed to attacks directed to a random population.)  This vulnerability is present on all platforms (Windows, Mac OS-X, and Unix/Linux), the exploits reported so far have been directed at Windows users.

According to Adobe, users on Windows Vista® are protected if they have enabled DEP (data execution protection).  Disabling JavaScript within Reader or Acrobat may mitigate the threat somewhat, but an exploit that does not require JavaScript is possible.

Adobe intends to release a fix for this vulnerability on Tuesday, October 13, as part of its quarterly security update cycle.  Tuesday, of course, is also Microsoft patch day.  So smile at your sysadmin on Tuesday; he or she will probably need it.

One Response to Adobe Reader / Acrobat Vulnerability

  1. […] Updates Acrobat, Reader A week ago Sunday I posted a note about a serious security problem with Adobe’s Acrobat and Reader (formerly Acrobat Reader) products.  The problem affected […]

%d bloggers like this: