Adobe announced a currently-unpatched vulnerability (CVE-2011-2462) that seems to affect all versions ofAdobe Reader and Acrobat. The issue is most relevant to the users of Adobe Reader and Acrobat 9 on Windows, because of reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild.Adobe Reader X and Adobe Acrobat X Protected View are likely to block the exploit because of the sandbox integrated into these products on Windows Visa or later.
Adobe plans to release an out-of-cycle security update for Adobe Reader and Acrobat 9.x for Windows no later than the week of December 12, 2011. Patches to other versions of the products will be released as part of the next quarterly security update on January 10, 2012.
This situation is a reminder why organizations should consider upgrading toAdobe Reader X and Adobe Acrobat X Protected View when using Windows Vista or later. The sooner this happens, the better from the security perspective. Sadly, it will be a long time beforeAdobe Reader and Acrobat 9 disappear from the wild, in part because end-users don't see a good reason to upgrade.
-- Lenny
Lenny Zeltser focuses on safeguarding customers' IT operations at Radiant Systems. He also teaches how toanalyzeandcombatmalware at SANS Institute. Lenny is activeon Twitterand writes adaily security blog.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.
Adobe plans to release an out-of-cycle security update for Adobe Reader and Acrobat 9.x for Windows no later than the week of December 12, 2011. Patches to other versions of the products will be released as part of the next quarterly security update on January 10, 2012.
This situation is a reminder why organizations should consider upgrading toAdobe Reader X and Adobe Acrobat X Protected View when using Windows Vista or later. The sooner this happens, the better from the security perspective. Sadly, it will be a long time beforeAdobe Reader and Acrobat 9 disappear from the wild, in part because end-users don't see a good reason to upgrade.
-- Lenny
Lenny Zeltser focuses on safeguarding customers' IT operations at Radiant Systems. He also teaches how toanalyzeandcombatmalware at SANS Institute. Lenny is activeon Twitterand writes adaily security blog.
(c) SANS Internet Storm Center. http://isc.sans.edu Creative Commons Attribution-Noncommercial 3.0 United States License.