Adobe verifies Reader vulnerabilities, offers workaround

Adobe has confirmed that its Reader and Acrobat software are susceptible to two vulnerabilities that are being used in targeted attacks.

Users' computers can become infected if they click on a malicious PDF file that is sent as part of an email. The company said in a Wednesday evening advisory that the bugs (CVE-2013-0640 and CVE-2013-0641) affect Reader and Acrobat for Windows and Mac, versions 11.0.01 and earlier, 10.1.5 and earlier, and 9.5.3 and earlier.

The exploits, first discovered by security firm FireEye, are able to bypass sandbox technology that Adobe unveiled with Adobe Reader X. The capability, dubbed “Protected Mode,” forces operations that display PDF files to the user to be run inside a confined environment, known as a sandbox, in which certain functions are prohibited.

While that feature isn't good enough to stop these advanced exploits, an additional capability known as "Protected View," which was added in October with the release of Adobe XI, is. However, users first must enable the control, according to Adobe. The advisory explains how under the "Mitigations" section.

Adobe said it is working on a fix for the two flaws.
