Adobe Issues Emergency Patch for Reader, Acrobat

The release addresses a zero-day vulnerability reported last week.


You Can't Detect What You Can't See: Illuminating the Entire Kill Chain

Posted February 21, 2013

Cynthia Harvey

One week after news broke of a zero-day vulnerability in its Reader PDF software, Adobe has issued an out-of-band patch to address the problem. Security experts advise users to install the update as soon as possible.

The Next Web's Emil Protalinski reported, "Adobe on Wednesday released a security bulletin addressing a vulnerability in its Reader and Acrobat products discovered and being exploited exactly a week ago. The vulnerability in question could cause a crash of either and software and potentially allow an attacker to take control of the affected system."

Brian Prince from eWeek noted, "The patch follows a warning from security firm FireEye last week that attackers were launching malicious PDFs at Windows users in a zero-day attack. According to FireEye, when the vulnerability was successfully exploited, it would deploy two Dynamic Link Library (DLL) files. The first would show a fake error message and open a decoy PDF document. The second file deployed a callback component that talked to a remote Internet domain. The attackers were able to bypass the Adobe Reader sandbox, FireEye's senior director of security researcher, Zheng Bu, told eWEEK last week."

Dark Reading's Kelly Jackson Higgins observed, "The exploit used the two bugs to bypass Adobe Reader 10's sandbox feature and to sneak past the Protected Mode sandbox in Reader XI -- key security features Adobe had added to its apps to prevent malware from poisoned PDFs from spreading to other parts of the machine."

Security Watch's Max Eddy added, "The patch is recommended by Adobe for all users of Adobe Reader and Acrobat, XI and earlier. The update impacts Windows, Macintosh, and Linux users for versions 11.0.01, 10.1.5, 9.x, and earlier versions of Adobe's software. The patch can be downloaded from Adobe's website, or through the company's automatic update feature."

Tags: security vulnerabilities, Adobe, update, Acrobat, PDF, Reader

0 Comments (click to add your comment)
Comment and Contribute


(Maximum characters: 1200). You have characters left.



IT Management Daily
Don't miss an article. Subscribe to our newsletter below.

By submitting your information, you agree that datamation.com may send you Datamation offers via email, phone and text message, as well as email offers about other products and services that Datamation believes may be of interest to you. Datamation will process your information in accordance with the Quinstreet Privacy Policy.