Acrobat zero-days
What is it?
There are two zero-day vulnerabilities [since patched] affecting Adobe Reader/Acrobat v9.4.6 and v10.1.1 and earlier on all supported platforms being actively exploited against v9.x for Windows.How does it work?
One of the vulnerabilities exists in the handling of embedded U3D data, while the other exists in the PRC component. Both can be exploited to corrupt memory, thus gaining control of the program flow and executing malicious code once a specially crafted PDF file is opened.
Should I be worried?
Users should be cautious about opening random PDF files. Reader X provides an extra layer of defense via the new sandbox feature, which protects against known exploits targeting the older 9.x branch.
How can I prevent it?
The company released an updated version (9.4.7) for the 9.x branch for Windows, and on Jan. 10 issued a fix for the 9.x branch for *NIX and Mac.
