Adobe issues critical zero-day patch for Reader and Acrobat

Filed Under: Adobe, Malware, Vulnerability

adobe logo
Adobe have just released an out-of-cycle patch to address a critical vulnerability (CVE-2011-0609) in Adobe Reader and Acrobat for Windows and Mac. Naked Security recommends that all users update now.

The vulnerability can causes system crashes and potentially allow an attacker to take control of the affected computer.

There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment.

At this time, Adobe is not aware of attacks targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode would prevent an exploit of this kind from executing. Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by this issue.

Sophos customers should visit Sophos's support article, Vulnerability: APSA11-01 - Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat, for more information and advice.

Where to update:

Adobe Reader 9.x users on Windows:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.

Adobe Reader users on Macintosh:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh.

Acrobat Standard and Pro users on Windows:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows.

Acrobat Pro Extended users on Windows:
http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows.

Acrobat Pro users on Macintosh:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh.

The next quarterly security updates for Adobe Reader and Acrobat are currently scheduled for June 14, 2011.

, , , , , ,

You might like

One Response to Adobe issues critical zero-day patch for Reader and Acrobat

  1. Richard · 1246 days ago

    They've patched v9, and they've patched v10 on the Mac, but they've decided to leave the vulnerability in v10 for Windows until June:

    "... we are planning to address this issue in Adobe Reader X for Windows with the next quarterly security update for Adobe Reader, currently scheduled for June 14, 2011"

    Hey, what's the worst that could happen?!

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s

About the author

Hi. I am a social, brand and communications expert with 10 years in senior roles in the tech space. I'm currently Sophos' s Global Director of Social Media and Communities. Proudest work achievement? Creating and launching award-winning Naked Security. Outside work, I am a mean cook, an avid reader, a chronic insomniac, a podcast obsessive and blogger .