Today Adobe Systems issued an advisory on a zero-day vulnerability (CVE-2011-2462) that has been discovered and is actively being exploited.
Adobe is reporting that the issue is a U3D memory corruption vulnerability that can be exploited to cause a crash and permit an attacker to hijack a system. So far, reports indicate that exploitation is limited to Adobe Reader 9.x on Windows.
Adobe has confirmed that Adobe Reader and Acrobat 9.4.6 and earlier 9.x versions for UNIX and Macintosh computers, as well as Adobe Reader X (10.1.1) and Acrobat X (10.1.1) and earlier 10.x versions on Windows and Mac are vulnerable.
Adobe’s advisory states: “We are in the process of finalizing a fix for the issue and expect to make available an update for Adobe Reader and Acrobat 9.x for Windows no later than the week of December 12, 2011.”
Brad Arkin, senior director of product security and privacy for Adobe, blogged that the company is focusing on Adobe Reader 9.x on Windows first because that is the version being targeted. Patches for Windows and Mac users of Adobe Reader X and Acrobat X are expected to be in the next quarterly update, scheduled for Jan. 10, 2012. The fix for Adobe Reader 9.x for UNIX will come Jan. 12 as well. Until the update is released, Adobe has stated that Adobe Reader X Protected Mode and Acrobat X Protected View offer some mitigation against the exploit.
Many security researchers have stated that in the coming years they expect Acrobat to be a major avenue for security exploits due to its popularity and the fact that Microsoft has recently started doing a much better job with Windows 7 security, forcing malware and virus writers to look for “easier” attack vectors.
Advanced Network Consulting recommends that all users, Windows as well as Mac, ensure that auto updates are enabled and working properly for all of the Adobe products installed on their desktop or laptop computers.