On Tuesday, Adobe released a security bulletin, warning users of several vulnerabilities which could give a remote attacker access to the targeted PC.
The update affects Adobe Reader X (10.1.2) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for Linux, and Adobe Acrobat X (10.1.2).
More details:
The update fixes the following vulnerabilities:
- CVE-2012-0774 – These updates resolve an integer overflow in the True Type Font (TTF) handling that could lead to code execution
- CVE-2012-0775 – These updates resolve a memory corruption in the JavaScript handling that could lead to code execution
- CVE-2012-0776 – These updates resolve a security bypass via the Adobe Reader installer that could lead to code execution
- CVE-2012-0777 – These updates resolve a memory corruption in the JavaScript API that could lead to code execution
Just how popular are malicious PDFs these days? According to multiple reports, malicious PDF files outpace the distribution of related malicious attachments used in targeted attacks, and are currently the attack vector of choice for attackers, ahead of media, help files, HTML files and executables.
Webroot advises end users and corporate users to apply the Adobe updates immediately.
You can find more about Dancho Danchev at his LinkedIn Profile. You can also follow him on Twitter.
Patience is sometimes needed when doing Adobe Acrobat patches. 4 computers, 2 OS; 2 of them updated by simply clicking update and letting it do its thing. On one, both click update and manual download through Firefox failed. Had to do a manual uninstall/reinstall using IE to have it work. Other machine, click update failed but manual download through Firefox worked fine. Had similar experiences last time Adobe did major patches.
And, the downloads reset the Java button to turn Java back on for those of us who had turned it off.