Security Advisory for Adobe Reader and Acrobat

Published: 2011-12-15
Last Updated: 2011-12-15 22:47:32 UTC
by Joel Esler (Version: 1)
3 comment(s)

Except from their website:

critical vulnerability has been identified in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh. This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows.

We are in the process of finalizing a fix for the issue and expect to make available an update for Adobe Reader 9.x and Acrobat 9.x for Windows on December 16, 2011. Because Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X and Acrobat X for Windows with the next quarterly security update for Adobe Reader and Acrobat, currently scheduled for January 10, 2012. We are planning to address this issue in Adobe Reader and Acrobat X and earlier versions for Macintosh as part of the next quarterly update scheduled for January 10, 2012. An update to address this issue in Adobe Reader 9.x for UNIX is planned for January 10, 2012. For further context on this schedule, please see the corresponding ASSET blog post.

Looks like we'll be patching Adobe Reader and Acrobat tomorrow against this newest threat that has been making the rounds over the past couple weeks.  

 

-- Joel Esler | http://blog.joelesler.net | http://twitter.com/joelesler

Keywords:
3 comment(s)

Comments

"Protected Mode" is a stupid joke imho, even in the latest reader 10.1.1 it causes ALL my prints to print out as if they were encrypted junk or written by aliens. I have to disable it in order to properly print pdf files so i usually keep it disabled all the time.
Actually, if you go into the advanced button on the print screen when you send it to print, then check off "print as image" this fixes the issue. This was a problem in version 9 on some of our systems as well.
sorry but printing as image on 90 cm-wide roll paper creates HUGE print files and the output is bad, i already tried that. Often the reader even crashes because it runs out or memory when rendering the page if it is too complex.
Some of my pdf files can easily cover 3 meters of paper in length. HP Designjet 42" user here.

Diary Archives