A critical vulnerability has been identified in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh.
This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system.
There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows.
Affected software versions:
Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh and UNIX
Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows and Macintosh
Note: Adobe Reader for Android and Adobe Flash Player are not affected by this issue.
Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing.
To verify Protected View for Acrobat X is enabled, go to:
Edit > Preferences > Security (Enhanced) and ensure “Files from potentially unsafe locations” or “All files” with “Enable Enhanced Security” are checked.
To verify Protected Mode for Adobe Reader X is enabled, go to:
Edit > Preferences > General and verify that “Enable Protected Mode at startup” is checked.
Adobe categorizes this as a critical issue.
We suggest that users apply the latest Security Advisory APSB11-30.