Adobe has confirmed a patch covering two critical flaws in Reader and Acrobat will land this week, following reports one of the vulnerabilities was being exploited in the wild.
Adobe noted late last week it was working on a patch and has been quick to react to findings of security researchers, confirming over the weekend fixes would land sometime this week.
“Adobe is aware of reports that these vulnerabilities are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message,” the Reader maker said in its advisory.
“Adobe is in the process of working on fixes for these issues and plans to make available updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux during the week of 18 February 2013.”
As noted by various security researchers, the exploits, if genuine, mark a worrying moment for Adobe, as it is the first known bypass of the sandbox protection built into the latest Adobe Reader.
“Adobe Reader, and the PDF standard, are extremely flexible (and therefore complex) pieces of technology – this won’t be the last flaw found,” warned Ross Barrett, senior manager of security engineering at Rapid7.
The Adobe security team has had a busy month, having rushed out patches for zero-day flaws in Flash Player, which were being exploited by hackers. Mac and Windows users were targeted.
Are you a security pro? Try our quiz!
Suspended prison sentence for Craig Wright for “flagrant breach” of court order, after his false…
Cash-strapped south American country agrees to sell or discontinue its national Bitcoin wallet after signing…
Google's change will allow advertisers to track customers' digital “fingerprints”, but UK data protection watchdog…
Welcome to Silicon In Focus Podcast: Tech in 2025! Join Steven Webb, UK Chief Technology…
European Commission publishes preliminary instructions to Apple on how to open up iOS to rivals,…
San Francisco jury finds Nima Momeni guilty of second-degree murder of Cash App founder Bob…