Adobe verifies Reader vulnerabilities, offers workaround

Share this article:

Adobe has confirmed this its Reader and Acrobat software are susceptible to two vulnerabilities that are being used in targeted attacks.

Users' computers can become infected if they click on a malicious PDF file that is sent as part of an email. The company said in a Wednesday evening advisory that the bugs (CVE-2013-0640 and CVE-2013-0641) impact Reader and Acrobat for Windows and Mac 11.0.01 and earlier, 10.1.5 and earlier versions and 9.5.3 and earlier.

The exploits, first discovered by security firm FireEye, are able to bypass sandbox technology that Adobe unveiled with Adobe Reader X. The capability, dubbed “Protected Mode,” forces operations that display PDF files to the user to be run inside a confined environment, known as a sandbox, in which certain functions are prohibited.

While that feature isn't good enough to stop these advanced exploits, an additional capability known as "Protected View," which was added in October with the release of Adobe XI, is. However, users first must enable the control, according to Adobe. The advisory explains how under the "Mitigations" section.

Adobe said its working on a fix for the two flaws.

Share this article:

Sign up to our newsletters

More in News

Hackers target video game companies to lift copy protections and develop cheats

A threat group is targeting video game companies in order to lift DRM protections, develop cheats and possibly to steal source code.

Android malware spreads via mail tracking SMS spam

The mobile malware is currently targeting German users, McAfee revealed.

About 2,800 victims of worldwide info-stealing campaign targeting various sectors

About 2,800 victims of worldwide info-stealing campaign targeting ...

Unknown attackers have claimed about 2,800 victims in an ongoing information-stealing campaign identified by Kaspersky Lab as "Crouching Yeti."