Adobe Releases Patch for Critical Vulnerability
GSA Reference Number: AD100114-01
Previous GSA Reference Number: AD091215-01
Simply Put: Adobe has released a patch for the previously announced critical remote code execution vulnerability in the Adobe Reader and Acrobat products. Adobe Reader and Acrobat 9.2 and earlier versions are confirmed as vulnerable. This vulnerability has become a target of malware authors and should be patched as quickly as possible.
Attack Details: The attack uses a malicious PDF file with embedded JavaScript. Further attack details have not been released at this time; however, Adobe has recognized this as a critical vulnerability in the JavaScript engine for Adobe Reader and Acrobat. Since Adobe PDF files are opened automatically by Internet Explorer and other web browsers, this vulnerability can be exploited without the user’s knowledge if the user visits a malicious website. Any additional details will be published in the Adobe bulletin.
Countermeasures: Adobe has released a patch for this vulnerability. Download locations can be found in the Adobe bulletin linked below. Later versions of Adobe Reader and Acrobat can also check for updates within the program, generally through the Help menu. Gladiator recommends that all users install this update immediately.
Reference Links:
- Adobe Bulletin (http://www.adobe.com/support/security/bulletins/apsb10-02.html)
- US-CERT Alert (http://www.us-cert.gov/cas/techalerts/TA10-013A.html)
- SANS ISC Diary (http://isc.sans.org/diary.html?storyid=7975)