Wednesday, 7 December 2011
New Adobe Reader zero-day in the wild
Adobe is warning of a zero-day flaw in Adobe Reader that is being actively exploited in Adobe Reader 9.x on Windows as part of "limited, targeted attacks". The security advisory says that the critical flaw affects Adobe Reader X (10.1.1) and Adobe Acrobat X (10.1.1) and their earlier versions for Windows and Mac OS X. Adobe Reader 9.4.6 and earlier 9.x versions for Unix are also vulnerable. Adobe says the hole is caused by memory corruption in the processing of Universal 3D (U3D) files, which could cause a crash "and potentially allow an attacker to take control of the affected system".
Adobe says that Adobe Reader X's Protected Mode and Acrobat X's Protected View stop any exploit code from executing; patched versions will be made available, along with updates for the Macintosh and Unix versions, in the next quarterly security update on 10 January 2012. More urgently though, the fixes for Reader and Acrobat 9.x for Windows are being finalised and Adobe plans to make them available on or by 12 December 2011 in an out-of-cycle update.
Seen at www.h-online.com