April Adobe Patch Release
GSA Reference Number: AD100414-01
Simply Put: Adobe has released a patch for critical vulnerabilities in the Adobe Reader and Acrobat products. Adobe Reader and Acrobat 9.3.1 and earlier versions are confirmed as vulnerable. Many of the vulnerabilities can lead to remote code execution and are likely to become targets for malware authors. Adobe Reader and Acrobat should be patched as quickly as possible on all workstations and servers.

Attack Details: There are 15 vulnerabilities addressed with the patch. They include cross-site scripting, denial of service, memory corruption, buffer overflow, and remote code execution. An attacker could exploit these vulnerabilities by tricking a user into opening a specially crafted PDF file. Users are also vulnerable to malicious websites that call PDF files, which are opened automatically in most Web browsers. Further attack details can be found in the Adobe bulletin linked below.

Countermeasures: Adobe has released a patch for these vulnerabilities. Download locations can be found in the Adobe bulletin. Later versions of Adobe Reader and Acrobat can also check for updates within the program, generally through the Help menu. Gladiator recommends that all users install this update immediately.

Reference Links:
- Adobe Bulletin (http://www.adobe.com/support/security/bulletins/apsb10-09.html)
- US-CERT Technical Cyber Security Alert (http://www.us-cert.gov/cas/techalerts/TA10-103C.html)
- SANS ISC Diary (http://isc.sans.org/diary.html?storyid=8629)