Adobe Scrambles to Patch Acrobat for Zero Day Vulnerability
Ooops! Adobe has a problem… but it is working on it!
Adobe scrambles to patch Acrobat zero-day hack
“Adobe has reported a new ‘critical vulnerability’ for current and older versions of Adobe Reader and Acrobat for Windows, Mac OS X, and Unix operating systems. The attack has already been exploited by hackers in targeted attacks against the Adobe 9 reader on Windows, the company stated in its security advisory. The hack appears to have already been used in an attack on US defense contractors and research facilities.
Discovered by Lockheed Martin’s Computer Incident Response Team and MITRE, the vulnerability could allow an attacker to send a malicious Adobe document file that crashes Reader, and ‘potentially allow an attacker to take control of the affected system,’ according to the Adobe Product Security Incident Response Team’s alert. In a blog post, Adobe’s director of product security Brad Arkin said that Adobe is planning to release a fix for the Windows versions of Adobe Reader and Acrobat 9.4.6 ‘no later than the week of December 12.’ There is currently no workaround for Reader 9.x.
Arkin said that the risk to Mac OS X and Unix users of Reader is ‘significantly lower,’ and that the attack can be blocked on Windows with Reader X by opening documents in Adobe Reader X in ‘protected mode.’ Patches for those versions of Reader will be held until the next quarterly update of Reader, scheduled for January 10.”