Monday, December 14, 2009

Adobe Warning Of Potential Adobe Reader and Acrobat Vulnerability

Adobe is warning users of a potential new attack that is out in the wild. According to new reports hackers are attacking a previously unknown bug in the latest version of the company's Reader and Acrobat software.

This afternoon, Adobe received reports of a vulnerability in Adobe Reader and Acrobat 9.2 and earlier versions being exploited in the wild (CVE-2009-4324). We are currently investigating this issue and assessing the risk to our customers. We will provide an update as soon as we have more information. Please continue monitoring the Adobe PSIRT blog for the latest information.

As of tonight the Adobe PSIRT blog had few details to report. Computerworld reports they have searched security mailing lists and sites, including Bugtraq, Full Disclosure and milw0rm.com but turned up no reports of exploits in the wild.

An Adobe representative described why, saying, "The reports came to PSIRT directly from partners in the security community," Adobe's Wiebke Lips said. "As of this moment, I have not seen any public reports aside from the Adobe PSIRT blog post that just went live."

Update:According to Shadowserver, a volunteer-run group that tracks vulnerabilities, users should disable JavaScript in Adobe's Reader and Acrobat tools to protect themselves until a patch is available.

To disable JavaScript in Adobe Reader or Acrobat on Windows, users must select Preferences from the Edit menu, choose "JavaScript," then uncheck the "Enable Acrobat JavaScript" option. (On the Mac, Preferences is under the "Adobe Reader" or "Adobe Acrobat" menus.)

No comments:

Post a Comment

All comments will be moderate for content, please be patient as your comment will appear as soon as it has been reviewed.

Thank you
Geek-News.Net