While Adobe Flash Player was updated last week for the critical vulnerabilities in Security Advisory APSA11-02, it was not until today that the update for Adobe Reader and Acrobat was released.
This vulnerability is being exploited in the wild against Adobe Flash Player, Adobe Reader and Acrobat in targeted attacks via a malicious Web page, or a Flash file embedded in a Microsoft Word or Microsoft Excel file delivered as an email attachment, targeting the Windows platform.
Adobe Reader X Protected Mode mitigations would prevent an exploit of this kind from executing and, thus, is not being updated at this time.
Details:
Vulnerability identifier: APSB11-08Acrobat and Reader users can update to the latest version using the built-in updater, by clicking “Help” and then “Check for Updates.” The Adobe Reader update for Windows is available from http://www.adobe.com/products/reader/.
CVE number: CVE-2011-0611, CVE-2011-0610
Platform: All Platforms
Alternatively, you could switch to an alternate PDF reader. There are a number of open source readers available from http://pdfreaders.org/. I have been using Sumatra PDF for around two years. Nitro Reader is also a viable substitute.
References:
- Security Bulletin: Adobe-Security Bulletins: APSB11-08
- PSIRT Blog: Security updates available for Adobe Reader and Acrobat (APSB11-08)
Corrine. When did Adobe Reader Version X come out? Is this version 10? or something different? Thanks
ReplyDeleteHi, Cel.
ReplyDeleteAdobe Reader X is version 10, released in February, 2011 current release 10.0.1).
The major enhancement of Adobe Reader X is that PDF files are opened in a "sandbox".