Adobe verifies Reader vulnerabilities, offers workaround

Share this article:

Adobe has confirmed this its Reader and Acrobat software are susceptible to two vulnerabilities that are being used in targeted attacks.

Users' computers can become infected if they click on a malicious PDF file that is sent as part of an email. The company said in a Wednesday evening advisory that the bugs (CVE-2013-0640 and CVE-2013-0641) impact Reader and Acrobat for Windows and Mac 11.0.01 and earlier, 10.1.5 and earlier versions and 9.5.3 and earlier.

The exploits, first discovered by security firm FireEye, are able to bypass sandbox technology that Adobe unveiled with Adobe Reader X. The capability, dubbed “Protected Mode,” forces operations that display PDF files to the user to be run inside a confined environment, known as a sandbox, in which certain functions are prohibited.

While that feature isn't good enough to stop these advanced exploits, an additional capability known as "Protected View," which was added in October with the release of Adobe XI, is. However, users first must enable the control, according to Adobe. The advisory explains how under the "Mitigations" section.

Adobe said its working on a fix for the two flaws.

Share this article:

Sign up to our newsletters

More in News

New backdoor 'Baccamun' spreads through ActiveX exploit

Symantec researchers revealed that the backdoor is dropped after attackers exploit a Windows ActiveX vulnerability.

Outdated browsers put U.K. users at risk of malware

A blog post on Check and Secure website said 70 percent of U.K. users haven't fully updated their internet browsers

Survey: 53 percent change privileged logins quarterly

A Lieberman Software survey highlights the issue or poor password management, even among security pros.