NEWS
NEWS
NEWS
Critical Adobe Reader Zero-day Vulnerability Seen in the Wild
Yesterday, researchers at the Lockheed Martin Computer Incident Response Team (CRT) and members of the Defense Security Information Exchange informed Adobe that their products were being exploited by hackers.
The exploit affects all versions of Adobe Reader and Adobe Acrobat 9.x and higher, including Adobe Reader X and Adobe Acrobat X (10.1.1) for Windows, Macintosh, and UNIX.
“This U3D memory corruption vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system,” wrote Adobe in their incident report, explaining that this essentially a memory-corruption and privilege escalation exploit. “There are reports that the vulnerability is being actively exploited in the wild in limited, targeted attacks against Adobe Reader 9.x on Windows. Adobe Reader X Protected Mode and Acrobat X Protected View mitigations would prevent an exploit of this kind from executing.”
According to a blog post on the subject, Adobe has published that they are currently engineering a fix for the issue and expect to make it available for Windows version Adobe Reader 9.x and Acrobat 9.x no lager than December 12, 2011. Adobe Acrobat and Reader X have much more sufficient protected mode capabilities so Adobe believes that it is hardened enough to avoid the exploit, so a fix to that will not be coming until January 10, 2012.
Macintosh and UNIX will wait as they’re much more difficult to exploit.
However, the exploit has already been seen active in the wild and it is expected that it’s being used by criminal and espionage organizations to attempt to infiltrate defense corporations and others.
A message from John Furrier, co-founder of SiliconANGLE:
Support our open free content by sharing and engaging with our content and community.
Join theCUBE Alumni Trust Network
Where Technology Leaders Connect, Share Intelligence & Create Opportunities
11.4k+
CUBE Alumni Network
C-level and Technical
Domain Experts
15M+
theCUBE
Viewers
Connect with 11,413+ industry leaders from our network of tech and business leaders forming a unique trusted network effect.
SiliconANGLE Media is a recognized leader in digital media innovation serving innovative audiences and brands, bringing together cutting-edge technology, influential content, strategic insights and real-time audience engagement. As the parent company of SiliconANGLE, theCUBE Network, theCUBE Research, CUBE365, theCUBE AI and theCUBE SuperStudios — such as those established in Silicon Valley and the New York Stock Exchange (NYSE) — SiliconANGLE Media operates at the intersection of media, technology, and AI. .
Founded by tech visionaries John Furrier and Dave Vellante, SiliconANGLE Media has built a powerful ecosystem of industry-leading digital media brands, with a reach of 15+ million elite tech professionals. The company’s new, proprietary theCUBE AI Video cloud is breaking ground in audience interaction, leveraging theCUBEai.com neural network to help technology companies make data-driven decisions and stay at the forefront of industry conversations.
