Last week, Adobe issued a Security Advisory (APSA13-02) for its Acrobat and Reader software for Windows, Linux, and Mac OS X. The advisory concerns two newly discovered security vulnerabilities in the software (the CVE numbers are in the Security Advisory). According to Adobe, the affected versions of the software are:
- Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh
- Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh
- Adobe Reader 9.5.3 and earlier 9.x versions for Windows, Macintosh and Linux
- Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh
- Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh
- Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh
There is some evidence that the vulnerabilities are being exploited, principally through E-mails that attempt to trick Windows users into opening a malicious PDF document.
According to a post on the Product Security Incident Response Team (APSIRT) blog, Adobe plans to release security updates for the affected software this week. I will post a note here when the patches are available.
In the meantime, those who are using Reader XI and Acrobat XI for Windows can mitigate the risk from these flaws by enabling “Protected View” (see the Security Advisory for details). In any case, you should always be very wary of opening any E-mail attachments unless you are sure they are legitimate.