Adobe released a critical security update addressing vulnerabilities being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows.
The update addresses memory corruption vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.
Acrobat and Reader users can update to the latest version using the built-in updater, by clicking “Help” and then “Check for Updates.” The Adobe Reader update for Windows is available from http://www.adobe.com/products/reader/.
Adobe plans on updating all other versions as part of the next quarterly update scheduled for January 10, 2011. According to Adobe, Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing.
- Release date: December 16, 2011
- Vulnerability identifier: APSB11-30
- CVE number: CVE-2011-2462, CVE-2011-4369
- Platform: Windows
Alternatives

Several years ago, I tired of Adobe Reader and switched to Sumatra PDF, an alternate PDF reader. After I got past the bright yellow GUI, I found Sumatra PDF to be a nice, light-weight option with no unnecessary add-ons or toolbars. There are a number of open source readers available from http://pdfreaders.org/.
- Security Advisory: Security updates available for Adobe Reader and Acrobat 9.x for Windows
- PSIRT Blog: Security updates released for Adobe Reader and Acrobat 9.x for Windows (APSB11-30)