Secplicity – Security Simplified

Adobe Reader X Update Corrects Zero Day Vulnerability

Severity: High

Summary:

Exposure:

Adobe Reader helps you view PDF documents, while Acrobat helps you create them. Since PDF documents are very popular, most users install Reader to handle them.

Last week, Adobe released a security bulletin fixing two zero day vulnerabilities in the popular Reader program. We first described these zero day vulnerabilities in a WatchGuard Security Week in Review episode earlier in the month. Though the two flaws may differ technically, they share the same general scope and impact. If an attacker can entice you into opening a specially crafted PDF file, he can exploit either of these issues to execute code on your computer, with your privileges. If you have root or system administrator privileges, the attacker gains complete control of your machine.

Since attackers are exploiting these flaws in the wild, Adobe has assigned them a Priority 1 rating, especially for Windows and Mac computers. We recommend you patch immediately, if you haven’t already.

Solution Path:

Adobe has released Reader and Acrobat updates. We recommend you download and deploy the corresponding update immediately, or let Adobe’s automatic updater do it for you.

For All WatchGuard Users:

Attackers can exploit these flaws using diverse exploitation methods. Though our IPS and AV services may help prevent some of these attacks, or the malware they try to load, installing Adobe’s updates is your most secure course of action.

Status:

Adobe has released patches correcting these issues.

References:

This alert was researched and written by Corey Nachreiner, CISSP (@SecAdept).
