Adobe to Patch Reader, Acrobat

Last week, Adobe issued a Security Advisory (APSA13-02) for its Acrobat and Reader software for Windows, Linux, and Mac OS X.  The advisory concerns two newly discovered security vulnerabilities in the software (the CVE numbers are listed in the Security Advisory).  According to Adobe, the affected versions of the software are:

  • Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh
  • Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh
  • Adobe Reader 9.5.3 and earlier 9.x versions for Windows, Macintosh and Linux
  • Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh
  • Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh
  • Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh

There is some evidence that the vulnerabilities are being exploited, principally through E-mails that attempt to trick Windows users into opening a malicious PDF document.

According to a post on the Product Security Incident Response Team (APSIRT) blog, Adobe plans to release security updates for the affected software this week.  I will post a note here when the patches are available.

In the meantime, those who are using Reader XI and Acrobat XI for Windows can mitigate the risk from these flaws by enabling “Protected View” (see the Security Advisory for details).  In any case, you should always be very wary of opening any E-mail attachments unless you are sure they are legitimate.

One Response to Adobe to Patch Reader, Acrobat

  1. […] As expected, Adobe today released new versions of its Acrobat and Reader software for Windows, Mac OS X, and Linux.  These address two critical security vulnerabilities (one a memory corruption problem, the other a buffer overflow) that, if exploited, might give an attacker control over your system.   According to Adobe’s Security Bulletin [APSB13-07], the following versions of the software are vulnerable: […]
