News

Windows Threatened by Adobe Zero-Day Vulnerability

Adobe is warning of a new issue in Adobe Reader on Windows that could lead to attackers hijacking a system.

The "critical" issue, called "U3D memory corruption vulnerability" by Adobe, could cause a system to crash and also allow unrestricted access by hackers. The exploit is carried out by exploiting a hole in the compression file format called universal 3D. While other companies, including HP and Intel, use the universal 3D file format, there has been no word of this particular vulnerability popping up in non-Adobe software.

Adobe warned that the "vulnerability is being actively exploited in the wild in limited, targeted attacks against Adobe Reader 9.x on Windows." The targets have included U.S. aerospace and defense contractor Lockheed Martin and MITRE, which manages many U.S. research centers, and others.

A patch is currently being worked on to fix the vulnerability found in Adobe Reader 9.x versions, and it should be released no later than Dec. 12, according to a security advisory issued on Tuesday. Fixing both Adobe Reader X and Acrobat X is considered to be a lower priority task for Adobe compared with fixing earlier versions of Reader.

"Because Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing, we are currently planning to address this issue in Adobe Reader X and Acrobat X for Windows with the next quarterly security update for Adobe Reader and Acrobat, currently scheduled for January 10, 2012," wrote Wendy Poland, member of the Adobe Product Security Incident Response Team, in a blog post.

There is also less of a risk factor for Macintosh and UNIX systems to be exploited with this vulnerability so a fix will also wait until the next quarterly update.

In the mean time, Brad Arkin, senior director of Product Security & Privacy for Adobe, says that to be 100 percent sure your system is safe, update your older versions of Reader and Acrobat to X.

"We put a tremendous amount of work into securing Adobe Reader and Acrobat X, and, to date, there has not been a single piece of malware identified that is effective against a version X install," wrote Arkin in a blog post. "Help us help you by running the latest version of the software!"

About the Author

Chris Paoli is the site producer for Redmondmag.com and MCPmag.com.

Featured

  • Microsoft Ups Its Windows 10 App Compatibility Assurances

    Microsoft gave assurances this week that organizations adopting Windows 10 likely won't face application compatibility issues.

  • SharePoint Online Users To Get 'Modern' UI Push in April

    Microsoft plans to alter some of the tenant-level blocking capabilities that may have been set up by organizations and deliver its so-called "modern" user interface (UI) to Lists and Libraries for SharePoint Online users, starting in April.

  • How To Use PowerShell Splatting

    Despite its weird name, splatting can be a really handy technique if you create a lot of PowerShell scripts.

  • New Microsoft Customer Agreement for Buying Azure Services To Start in March

    Microsoft will have a new approach for organizations buying Azure services called the "Microsoft Customer Agreement," which will be available for some customers starting as early as this March.

comments powered by Disqus
Most   Popular

Office 365 Watch

Sign up for our newsletter.

Terms and Privacy Policy consent

I agree to this site's Privacy Policy.