by Phil Muncaster
16 Dec 2011
Adobe has promised to issue a patch on Friday for a critical flaw in its Reader and Acrobat products that is currently being exploited in the wild and could allow hackers to remotely take control of systems.
Adobe said in a security advisory posted last week that the "U3D memory corruption vulnerability" affects Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for Unix, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh.
Since then, reports have circulated that the flaw is being used by hackers to craft spam emails with malicious PDF attachments.
"We have started seeing a small number of targeted samples in Sophos Labs of attackers trying to use this vulnerability in email attachments. The emails are well crafted and look very believable," said Sophos Canada senior security advisor Chester Wisniewski in a blog post last week.
Adobe said at the time that the patch would be ready at some point in the week beginning 12 December, so it is still on track to deliver.
"We are in the process of finalising a fix for the issue and expect to make available an update for Adobe Reader 9.x and Acrobat 9.x for Windows on 16 December 2011," the firm said in an updated advisory.
"Because Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X and Acrobat X for Windows with the next quarterly security update for Adobe Reader and Acrobat, currently scheduled for 10 January 2012."
Adobe added that Mac versions of Reader and Acrobat and Adobe Reader 9.x for Unix will also be addressed in the next scheduled update.
Security admins have already had a busy week in the run-up to Christmas, after Microsoft issued 13 bulletins on Tuesday covering 20 flaws, three of them critical.