Submission + - Adobe Warns of Critical Zero Day Vulnerability (securityweek.com)
wiredmikey writes: Adobe issued an advisory today on a zero-day vulnerability (CVE-2011-2462) that has come under attack in the wild.
According to Adobe, the issue is an U3D memory corruption vulnerability that can be exploited to cause a crash and permit an attacker to hijack a system. So far, there are reports the vulnerability is being exploited in limited, targeted attacks against Adobe Reader 9.x on Windows. However, the bug also affects Adobe Reader and Acrobat 9.4.6 and earlier 9.x versions for UNIX and Macintosh computers, as well as Adobe Reader X (10.1.1) and Acrobat X (10.1.1) and earlier 10.x versions on Windows and Mac.
Patches for Windows and Mac users of Adobe Reader X and Acrobat X will come on the next quarterly update, scheduled for Jan. 10, 2012.
According to Adobe, the issue is an U3D memory corruption vulnerability that can be exploited to cause a crash and permit an attacker to hijack a system. So far, there are reports the vulnerability is being exploited in limited, targeted attacks against Adobe Reader 9.x on Windows. However, the bug also affects Adobe Reader and Acrobat 9.4.6 and earlier 9.x versions for UNIX and Macintosh computers, as well as Adobe Reader X (10.1.1) and Acrobat X (10.1.1) and earlier 10.x versions on Windows and Mac.
Patches for Windows and Mac users of Adobe Reader X and Acrobat X will come on the next quarterly update, scheduled for Jan. 10, 2012.
Adobe Warns of Critical Zero Day Vulnerability More Login
Adobe Warns of Critical Zero Day Vulnerability
Slashdot Top Deals