Adobe PDF Reader zero-day under attack
Summary: According to a warning from Adobe, the attacks have been observed in the wild against Windows users running Adobe Reader version 9.4.6. An emergency fix is coming next week.
Unknown hackers are exploiting a zero-day vulnerability in Adobe's PDF Reader software to launch "limited, targeted attacks" against high-value Windows users.
According to a warning from Adobe, the attacks have been observed in the wild against Windows users running Adobe Reader version 9.4.6. Details on the attacks and targets are not known at this time.
The company plans to ship an emergency patch for Adobe Reader and Acrobat 9.x for Windows "no later than the week of December 12, 2011."
The vulnerability is also present in Adobe's newer Reader X software but because there are anti-exploitation roadblocks in that version, the company is in no rush to release Reader X updates to thwart this wave of attacks.
"The reason for addressing this issue quickly for Adobe Reader and Acrobat 9.4.6 for Windows is simple: This is the version and platform currently being targeted. All real-world attack activity, both in this instance and historically, is limited to Adobe Reader on Windows. We have not received any reports to date of malicious PDFs being used to exploit Adobe Reader or Acrobat for Macintosh or UNIX for this CVE (or any other CVE)," according to Adobe security chief Brad Arkin.
Arkin says that focusing this release on just Adobe Reader and Acrobat 9.x for Windows also allows Adobe to ship the update much earlier. "We are conscious of the upcoming holidays and are working to get this patch out as soon as possible to allow time to deploy the update before users and staff begin time off. Ultimately the decision comes down to what we can do to best mitigate threats to our customers," Arkin added.
Arkin also pleaded with Adobe users to upgrade to the latest and greatest versions:
"I’d like to take this moment to encourage any remaining users still running Adobe Reader or Acrobat 9.x (or worse, older unsupported versions) to PLEASE upgrade to Adobe Reader or Acrobat X. We put a tremendous amount of work into securing Adobe Reader and Acrobat X, and, to date, there has not been a single piece of malware identified that is effective against a version X install. Help us help you by running the latest version of the software!"
Adobe rates this a "critical" issue that currently haunts Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh.
"This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system," Adobe warned.
Talkback
Good article.
Why do they keep making patches for the old versions??
Bill O'Reilly says "you can't explain that".
RE: Adobe PDF Reader zero-day under attack
Also, as mihondo says, corporate environments might not be using the latest version, so it makes sense to keep the previous versions secure as well.
RE: Adobe PDF Reader zero-day under attack
Not anymore. Foxit has become just as bloated recently, as well as multiple hijacks (home page, tool bars, etc.)...
RE: Adobe PDF Reader zero-day under attack
Right on! You don't have to load the excess baggage (tool bars, etc)
RE: Adobe PDF Reader zero-day under attack
Yes I use Adobe Reader, and the security features in Reader 10 are one of the big reasons. Does your PDF reader have sandboxing? All components opt into ASLR?
RE: Adobe PDF Reader zero-day under attack
Nah I stopped using that buggy mess over a year ago, Foxit loads faster and you don't have to install its optional plugins, such as the offered toolbar, etc.
With Adobe they force all that other worthless junk, Adobe Air, Speed Launcher, Arm and other stuff onto you even if you tell it not to include those things. I personally don't see a need to have parts of a PDF viewer loading when my OS loads, that only serves to slow boot time down and has little to no use in a practical way. Shame on Adobe for the bloatware and an unnecessarily slow loading software. Now only if I could find a replacement for Flash Player.
RE: Adobe PDF Reader zero-day under attack
Interesting statement...'any remaining users', not good for PR, but, are there any?
I've been using Foxit Reader (and uninstalled the Adobe Reader bloatware) since it was first released. It has to be 10 times faster (probably 20) to view a pdf.
(I just hate those sites that 'force' you to use it)
RE: Adobe PDF Reader zero-day under attack
Sorry, if Adobe is slowing your PC down then it's time for a new PC, buddy... the resource usage is practically obsolete... so how it can be slow, I wouldn't understand.
RE: Adobe PDF Reader zero-day under attack
A website cannot Force you to use anything, simply download the PDF and open it in whatever reader you like.
RE: Adobe PDF Reader zero-day under attack
Yeah, about that, many financial websites just don't work with Foxit, and the workarounds aren't a good option at work. I might be able to do it, but I cannot expect my users to.
What?!?
A dreadful reporting error?
Unfortunately not!
But don't worry, I'm confident that Adobe will soon get the PDF Reader software back to the fine, swift stability that's always been the hallmark of this customer-centric company...
...oops back to the real world!