Advisory:
Adobe Reader & Acrobat Vulnerability
January 20, 2009
A critical vulnerability in Adobe Reader 9 and Acrobat 9 allows an
attacker to take complete control of a computer, and exploits for it
have reportedly already been found in the wild.
This is only applicable to the few of you who are using Adobe Reader
& Acrobat. The vast majority of you are using Foxit, which is
unaffected by this vulnerability.
Note:
- This vulnerability affects both Adobe Reader and Adobe Acrobat, in all
versions (7.x/8.x/9.x), on all 3 platforms (Windows/Mac/Linux).
- There are currently no remedies (unpatched bug). Adobe is
currently working on it, and a patch should be released in the next
month or two.
March 10, 2009
Summary from Adobe official bulletin
APSB09-03 (CVE-2009-0658):
A critical vulnerability has been identified in Adobe Reader 9 and Acrobat
9 and earlier versions. This vulnerability would cause the application
to crash and could potentially allow an attacker to take control of the
affected system. There are reports that this issue is being exploited.
Adobe recommends users of Adobe Reader and Acrobat 9 update to Adobe
Reader 9.1 and Acrobat 9.1. Adobe recommends users of Acrobat 8 update
to Acrobat 8.1.4, and users of Acrobat 7 update to Acrobat 7.1.1. For
Adobe Reader users who can’t update to Adobe Reader 9.1, Adobe has
provided the Adobe Reader 8.1.4 and Adobe Reader 7.1.1 updates. For more
information, please refer to Security Bulletin APSB09-04.
Patches for Windows are to be available by March 18, with Mac/Linux
versions to follow in another week or so.