In a security bulletin, Adobe confirmed that the vulnerabilities could cause Reader and Acrobat to crash, potentially opening the door for an attacker to gain control of the system.
“Adobe is aware of reports that these vulnerabilities are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message,” the company revealed in the bulletin.
Adobe said it’s currently working on a fix for the security issue and will update its bulletin once a launch has been scheduled. In the meantime, Windows users of Adobe Reader XI and Acrobat XI can protect themselves from the security exploit by turning on Protected View as follows:
Open Reader or Acrobat. Click on the Edit menu, select Preferences, and then click on the Security (or Security Enhanced) option. In the Protected View section at the top of the window, click on the button to enable “Files from potentially unsafe locations” and then click OK.
The workaround above helps Windows users of Reader and Acrobat XI. But the flaw itself affects several different versions of the products, specifically:
- Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh
- Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh
- Adobe Reader 9.5.3 and earlier 9.x versions for Windows and Macintosh
- Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh
- Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh
Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh
The vulnerability was reportedly uncovered by security firm FireEye, which explained how it’s exploited by attackers:
To read more of this article by Lance Whitney of CNET.com click here.