Adobe to release emergency patches for Reader, Acrobat

[JMH]

Adobe Systems said it will release patches for two critical vulnerabilities disclosed last week that are actively being used by attackers.

The company said on Saturday the patches will be released sometime this week. Both vulnerabilities can be exploited if a user can be tricked into opening a malicious PDF, which is usually sent to targeted victims by email.

The latest vulnerabilities were discovered by security vendor FireEye, which said it supplied its findings to Adobe. An analysis by Kaspersky Lab of the exploit using the vulnerabilities found that it bypasses the "sandbox" built into Adobe Reader, which is a technology designed to contain attempts to install malicious software.

Kaspersky said the exploit had a level of sophistication seen in cyberespionage campaigns. The malicious software delivered to infected computers can record keystrokes as well as steal passwords and information about a computer's configuration.

Adobe to release emergency patches for Reader, Acrobat | Security - InfoWorld

 

[Corrine]

Critical Update Released for Adobe Reader and Acrobat

The update has been released.

Release Details

Release date: February 20, 2013
Vulnerability identifier: APSB13-07
CVE number: CVE-2013-0640, CVE-2013-0641
Platform: All Platforms

Due to frequent vulnerabilities, it is recommended that Windows users of Adobe Reader and Acrobat ensure that Protected View is enabled. Neither the Protected Mode or Protected View option is available for Macintosh users.

To enable this setting, do the following:

• Click Edit > Preferences > Security (Enhanced) menu.
• Change the "Off" setting to "All Files".
• Ensure the "Enable Enhanced Security" box is checked.

[h=3]Update or Complete Download[/h]

• Update
• Download Adobe Reader

Note: UNcheck any pre-checked additional options presented with the update. They are not part of the software update and are completely optional.

 

[JMH]

Adobe releases emergency patches for Reader and Acrobat

Adobe released emergency patches for Adobe Reader and Acrobat 11, 10 and 9 on Wednesday that address two critical vulnerabilities being actively exploited by attackers.

The exploit was discovered by researchers from security firm FireEye in active attacks last Tuesday and was confirmed by Adobe one day later. It's particularly dangerous because it bypasses the sandbox anti-exploitation mechanism in Adobe Reader 10 and 11.

"Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux," the company said Wednesday in a security advisory. "These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system."

Adobe releases emergency patches for Reader and Acrobat | PCWorld