Security Advisory for Adobe Reader and Acrobat (Update)

Adobe announced that a critical vulnerability has been identified in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh. This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system.

There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows.

The problem is that there is no fix available at the moment, but Adobe promised that will make one available for the Adobe Reader 9.x next week. The Adobe Acrobat X and Adobe Reader X can be configured to prevent this vulnerability to be exploited and because of this they will be only updated in the regular quarterly security update.

Until then,  the only way to prevent this vulnerability to be exploited is to enable the Protected Mode/View feature in Adobe Reader X Protected Mode and Adobe Acrobat X Protected View :  Go to: Edit >Preferences > Security (Enhanced) and ensure “Files from potentially unsafe locations” or “All files” with “Enable Enhanced Security” are checked. To verify Protected Mode for Adobe Reader X is enabled, go to: Edit >Preferences >General and verify that “Enable Protected Mode at startup” is checked.

 

Update:

A detection for files exploiting this vulnerability has been released with engine version 8.2.6.134. The  name of the detection is EXP/CVE-2011-2462.

 

 

Sorin Mustaca

Data Security Expert