Critical Adobe Reader and Acrobat Patch Released
GSA Reference Number: AD091014-01
Simply Put: Adobe has released a critical patch to address 29 security vulnerabilities in its Acrobat and Reader products.
These vulnerabilities are rated Critical and could lead to remote code execution or denial of service. All versions of Acrobat and Reader earlier than 9.2 are affected, including Windows, Macintosh and Unix versions. Gladiator recommends that this patch be applied to all workstations as soon as possible.
Attack Details: Adobe has listed all attack details in its advisory. At least one of these vulnerabilities is being actively exploited on the Internet. Gladiator has noticed an increase in malicious PDF downloads on client networks, and feels that these issues pose a significant threat to our clients.
Countermeasures: The US-CERT advisory suggests workarounds for those unable to update their software version. Gladiator recommends that administrators consider implementing some of these workarounds, especially disabling automatic PDF opening in Internet Explorer. The affected Adobe products can be updated online (through the Help -> Check for Updates… menu), or a full version can be downloaded from Adobe’s website.
Reference Links:
- Adobe Advisory (http://www.adobe.com/support/security/bulletins/apsb09-15.html)
- US-CERT Technical Advisory (http://www.us-cert.gov/cas/techalerts/TA09-286B.html)
- SANS ISC Diary Entry (http://isc.sans.org/diary.html?storyid=7348)