Adobe verifies Reader vulnerabilities, offers workaround

Adobe has confirmed that its Reader and Acrobat software are susceptible to two vulnerabilities that are being used in targeted attacks.

Users' computers can become infected if they click on a malicious PDF file that is sent as part of an email. The company said in a Wednesday evening advisory that the bugs (CVE-2013-0640 and CVE-2013-0641) impact Reader and Acrobat for Windows and Mac versions 11.0.01 and earlier, 10.1.5 and earlier, and 9.5.3 and earlier.

The exploits, first discovered by security firm FireEye, are able to bypass sandbox technology that Adobe unveiled with Adobe Reader X. The capability, dubbed “Protected Mode,” forces operations that display PDF files to the user to be run inside a confined environment, known as a sandbox, in which certain functions are prohibited.

While that feature isn't good enough to stop these advanced exploits, an additional capability known as "Protected View," which was added in October with the release of Adobe XI, is. However, users first must enable the control, according to Adobe. The advisory explains how under the "Mitigations" section.

Adobe said it's working on a fix for the two flaws.
