From the desk of: Sam C. Chan

Advisory: Adobe Reader & Acrobat Vulnerability

January 20, 2009

A critical vulnerability in Adobe Reader 9 and Acrobat 9 allows an attacker to take complete control of a computer. Exploits have reportedly already been found in the wild.

This applies only to the few of you who are using Adobe Reader or Acrobat. The vast majority of you are using Foxit, which is unaffected by this vulnerability.

Note:

  • This vulnerability affects both Adobe Reader and Adobe Acrobat, in all versions (7.x/8.x/9.x), on all 3 platforms (Windows/Mac/Linux).
  • There is currently no remedy (the bug is unpatched). Adobe is working on it, and a patch should be released in the next month or two.

March 10, 2009

Summary from Adobe official bulletin APSB09-03 (CVE-2009-0658):

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe recommends users of Adobe Reader and Acrobat 9 update to Adobe Reader 9.1 and Acrobat 9.1. Adobe recommends users of Acrobat 8 update to Acrobat 8.1.4, and users of Acrobat 7 update to Acrobat 7.1.1. For Adobe Reader users who can’t update to Adobe Reader 9.1, Adobe has provided the Adobe Reader 8.1.4 and Adobe Reader 7.1.1 updates. For more information, please refer to Security Bulletin APSB09-04.

Patches for Windows are to be available by March 18, with the Mac/Linux versions to follow in another week or so.

Copyright ©2005-2006 Bravo Technology Center