News

Windows Threatened by Adobe Zero-Day Vulnerability

Adobe is warning of a new issue in Adobe Reader on Windows that could lead to attackers hijacking a system.

The "critical" issue, called "U3D memory corruption vulnerability" by Adobe, could cause a system to crash and also allow unrestricted access by hackers. The exploit is carried out by exploiting a hole in the compression file format called universal 3D. While other companies, including HP and Intel, use the universal 3D file format, there has been no word of this particular vulnerability popping up in non-Adobe software.

Adobe warned that the "vulnerability is being actively exploited in the wild in limited, targeted attacks against Adobe Reader 9.x on Windows." The targets have included U.S. aerospace and defense contractor Lockheed Martin and MITRE, which manages many U.S. research centers, and others.

A patch is currently being worked on to fix the vulnerability found in Adobe Reader 9.x versions, and it should be released no later than Dec. 12, according to a security advisory issued on Tuesday. Fixing both Adobe Reader X and Acrobat X is considered to be a lower priority task for Adobe compared with fixing earlier versions of Reader.

"Because Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X and Acrobat X for Windows with the next quarterly security update for Adobe Reader and Acrobat, currently scheduled for January 10, 2012," wrote Wendy Poland, member of the Adobe Product Security Incident Response Team, in a blog post.

There is also less of a risk factor for Macintosh and UNIX systems to be exploited with this vulnerability so a fix will also wait until the next quarterly update.

In the mean time, Brad Arkin, senior director of Product Security & Privacy for Adobe, says that to be 100 percent sure your system is safe, update your older versions of Reader and Acrobat to X.

"We put a tremendous amount of work into securing Adobe Reader and Acrobat X, and, to date, there has not been a single piece of malware identified that is effective against a version X install," wrote Arkin in a blog post. "Help us help you by running the latest version of the software!"

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

comments powered by Disqus

Reader Comments:

Add Your Comment Now:

Your Name:(optional)
Your Email:(optional)
Your Location:(optional)
Comment:
Please type the letters/numbers you see above

Redmond Tech Watch

Sign up for our newsletter.

I agree to this site's Privacy Policy.