Safe PDFs are almost here: Adobe to release Reader, Acrobat zero-day patch this week

Safe PDFs are almost here: Adobe to release Reader, Acrobat zero-day patch this week

Summary: Adobe is rushing out a patch for Reader and Acrobat flaws that hackers are already exploiting.

SHARE:
TOPICS: Security
5

Adobe will release a patch this week to close holes in the latest versions of Acrobat and Reader X and XI that hackers are already exploiting.

The patch for two memory corruption flaws affecting Reader and Acrobat on Windows, Mac and Linux machines will be delivered "during the week of February 18, 2013", the company said in an update on Saturday.

Adobe confirmed last week that attackers were targeting Windows users with malicious PDFs that exploited the flaws and allowed them to bypass Adobe's Protected Mode sandbox. Protected Mode was designed to stop malware installing by running processes for displaying PDF files in an isolated container.

The company's workaround for Windows users in the absence of a fix was to enable Protected View, a restrictive mode first introduced in Acrobat 10.1 that limited the software's actions until the user determines whether to trust a PDF. Adobe recommended Reader and Acrobat users set Protected View for "files from potentially unsafe locations", however it also allows them to choose "all files".

A patch will be available for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux.

Topic: Security

Liam Tung

About Liam Tung

Liam Tung is an Australian business technology journalist living a few too many Swedish miles north of Stockholm for his liking. He gained a bachelors degree in economics and arts (cultural studies) at Sydney's Macquarie University, but hacked (without Norse or malicious code for that matter) his way into a career as an enterprise tech, security and telecommunications journalist with ZDNet Australia. These days Liam is a full time freelance technology journalist who writes for several publications.

Kick off your day with ZDNet's daily email newsletter. It's the freshest tech news and opinion, served hot. Get it.

Talkback

5 comments
Log in or register to join the discussion
  • "Safe" and "Adobe"

    Will never belong together. Their Flash and Acrobat products have been regularly exploited for years now and Adobe seems uttterly incapable of coming up with any long term fixes,
    JustCallMeBC
    • Agree 100%

      When it comes to security, Adobe is even worst than MS during the XP years.
      wackoae
  • Oxymoron

    The track of events proved that some Adobe products will remain a target of choice and an important malware vector.

    We had numerous debates in these forums about this topic and, whatever some say, recent sandboxing and other mitigation technologies did not help much.

    Being popular (that is highly deployed) has its downsides...
    TheCyberKnight
  • A long term solution

    For Windows users, there are multiple alternatives. The best one being FoxIt Reader. More secure, a hell of a lot smaller and lightweight ... and unlike Acrobat, it actually has features that people can use.
    wackoae
  • Great. Another wave of malware.

    No, I am not talking about the exploits of Adobe's software, but rather their pushing of Chrome and Google toolbar with their updates. Chrome breaks some of our internal apps, while the Google toolbar is nothing short of spyware. For the moment we have them blocked in our group policy, but Google always seems to find some way around such obstacles. Despite our best efforts, Google's malware still finds its way onto our systems, resulting in lost productivity for our users and wasted time for our IT staff.
    itpro_z