Wednesday, January 13, 2010

Adobe Reader v8.x and v9.x patched

Late Tuesday, 12 Jan 2010, Adobe released updated versions of Adobe Reader 8 and 9 to correct an exploitable flaw.  If you're still using Adobe Reader instead of the less-hacked Foxit Reader, you should update. Here's a link to a Youtube video of what can happen to you if you run Adobe Reader and DON'T apply these patches:
Screen Capture: Targeted Attack PDF Exploit Taking Over A Computer

US-CERT Current Activity
Adobe Releases Update for Adobe Reader and Acrobat
added January 12, 2010 at 07:01 pm

Adobe has released an update for Reader and Acrobat to address multiple vulnerabilities. These vulnerabilities affect Adobe Reader 9.2 and earlier versions for Windows, Macintosh, and UNIX and Adobe Acrobat 9.2 and earlier versions for Windows and Macintosh. Exploitation of these vulnerabilities may allow an attacker to execute arbitrary code or cause a denial-of-service condition.

US-CERT encourages users and administrators to review Adobe Security Bulletin APBS10-02 and apply any necessary updates to help mitigate the risks.

Other reports here:

Adobe update trumps Microsoft's lone fix in patch frenzy - SC Magazine US
Microsoft's monthly security update took a backseat on Tuesday to a scheduled critical fix from Adobe that addresses a zero-day vulnerability in its widely deployed Reader and Acrobat software.

Adobe was to address the flaw, which is being exploited in in-the-wild attacks, among others as part of its quarterly security update.

Adobe has other problems, too:

Adobe confirms 'sophisticated, coordinated' breach | Zero Day |
In an attack described as “sophisticated” and “coordinated,” Adobe said its corporate network systems were breached by hackers.

No comments: