Adobe released a Security Advisory (APSA13-02) for critical security vulnerabilities in Adobe Reader and Acrobat XI (11.0.01 and earlier), X (10.1.5 and earlier), and 9.5.3 and earlier for Windows and Macintosh.
Release date: February 13, 2012
Last updated: February 14, 2012
Vulnerability identifier: APSA13-02
CVE number: CVE-2013-0640, CVE-2013-0641
Platform: All Platforms
Adobe reported that the vulnerabilities are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message. These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system.
Both Windows and Macintosh operating systems are vulnerable; however, mitigation is only provided for users of Adobe Reader XI and Acrobat XI for Windows.
Enable "Protected View"
To minimize exposure to these vulnerabilities, it is recommended that Windows users of Adobe Reader and Acrobat ensure that Protected View is enabled. Unfortunately, neither the Protected Mode nor the Protected View option is available for Macintosh users.
To enable this setting, do the following:
- Click Edit > Preferences > Security (Enhanced) menu.
- Change the "Off" setting to "All Files".
- Ensure the "Enable Enhanced Security" box is checked.
[Image via Sophos Naked Security Blog]