Tuesday, December 6, 2011

New Adobe Reader Zeroday Used in Targeted Attacks

Via Adobe Secure Software Engineering Team (ASSET) Blog -

We have just posted Security Advisory APSA11-04 regarding a new vulnerability (CVE-2011-2462) that is currently being exploited in the wild in limited, targeted attacks against Adobe Reader 9.4.6 on Windows. Here is a summary of our approach to address this issue:

  • We are planning to release an out-of-cycle security update for Adobe Reader and Acrobat 9.x for Windows no later than the week of December 12, 2011.
  • Because Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit targeting this vulnerability from executing, we are planning to address this issue in Adobe Reader and Acrobat X for Windows with the next quarterly security update on January 10, 2012.
  • The risk to Macintosh and UNIX users is significantly lower. We are therefore planning to address this issue in Adobe Reader and Acrobat X and earlier versions for Macintosh as part of the next quarterly update on January 10, 2012. An update to address this issue in Adobe Reader 9.x for UNIX is planned for January 10, 2012.
The reason for addressing this issue quickly for Adobe Reader and Acrobat 9.4.6 for Windows is simple: This is the version and platform currently being targeted. All real-world attack activity, both in this instance and historically, is limited to Adobe Reader on Windows. We have not received any reports to date of malicious PDFs being used to exploit Adobe Reader or Acrobat for Macintosh or UNIX for this CVE (or any other CVE).


I’d like to take this moment to encourage any remaining users still running Adobe Reader or Acrobat 9.x (or worse, older unsupported versions) to PLEASE upgrade to Adobe Reader or Acrobat X. We put a tremendous amount of work into securing Adobe Reader and Acrobat X, and, to date, there has not been a single piece of malware identified that is effective against a version X install. Help us help you by running the latest version of the software!



Adobe would like to thank Lockheed Martin CIRT and members of the Defense Security Information Exchange for reporting this issue and for working with Adobe to help protect our customers.

No comments:

Post a Comment