Adobe issues critical zero-day patch for Reader and Acrobat

adobe logo

adobe logo
Adobe have just released an out-of-cycle patch to address a critical vulnerability (CVE-2011-0609) in Adobe Reader and Acrobat for Windows and Mac. Naked Security recommends that all users update now.

The vulnerability can causes system crashes and potentially allow an attacker to take control of the affected computer.

There are reports that this vulnerability is being exploited in the wild in targeted attacks via a Flash (.swf) file embedded in a Microsoft Excel (.xls) file delivered as an email attachment.

At this time, Adobe is not aware of attacks targeting Adobe Reader and Acrobat. Adobe Reader X Protected Mode would prevent an exploit of this kind from executing. Adobe Reader 9.x for UNIX, Adobe Reader for Android, and Adobe Reader and Acrobat 8.x are not affected by this issue.

Sophos customers should visit Sophos’s support article, Vulnerability: APSA11-01 – Security Advisory for Adobe Flash Player, Adobe Reader and Acrobat, for more information and advice.

Where to update:

Adobe Reader 9.x users on Windows:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Windows.

Adobe Reader users on Macintosh:
http://www.adobe.com/support/downloads/product.jsp?product=10&platform=Macintosh.

Acrobat Standard and Pro users on Windows:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Windows.

Acrobat Pro Extended users on Windows:
http://www.adobe.com/support/downloads/product.jsp?product=158&platform=Windows.

Acrobat Pro users on Macintosh:
http://www.adobe.com/support/downloads/product.jsp?product=1&platform=Macintosh.

The next quarterly security updates for Adobe Reader and Acrobat are currently scheduled for June 14, 2011.