Windows Threatened by Adobe Zero-Day Vulnerability

Adobe is warning of a new issue in Adobe Reader on Windows that could lead to attackers hijacking a system.

The "critical" issue, called "U3D memory corruption vulnerability" by Adobe, could cause a system to crash and also allow unrestricted access by hackers. The attack works by exploiting a hole in the compressed file format called Universal 3D (U3D). While other companies, including HP and Intel, use the Universal 3D file format, there has been no word of this particular vulnerability popping up in non-Adobe software.

Adobe warned that the "vulnerability is being actively exploited in the wild in limited, targeted attacks against Adobe Reader 9.x on Windows." The targets have included U.S. aerospace and defense contractor Lockheed Martin and MITRE, which manages many U.S. research centers, and others.

A patch is currently being worked on to fix the vulnerability found in Adobe Reader 9.x versions, and it should be released no later than Dec. 12, according to a security advisory issued on Tuesday. Fixing both Adobe Reader X and Acrobat X is considered to be a lower priority task for Adobe compared with fixing earlier versions of Reader.

"Because Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X and Acrobat X for Windows with the next quarterly security update for Adobe Reader and Acrobat, currently scheduled for January 10, 2012," wrote Wendy Poland, member of the Adobe Product Security Incident Response Team, in a blog post.

Macintosh and UNIX systems are also at lower risk of being exploited through this vulnerability, so a fix for them will also wait until the next quarterly update.

In the meantime, Brad Arkin, senior director of Product Security & Privacy for Adobe, says that, to be 100 percent sure your system is safe, you should update your older versions of Reader and Acrobat to X.

"We put a tremendous amount of work into securing Adobe Reader and Acrobat X, and, to date, there has not been a single piece of malware identified that is effective against a version X install," wrote Arkin in a blog post. "Help us help you by running the latest version of the software!"

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.
