Zero day hole in Adobe Reader and Acrobat

February 20, 2009 – 6:27 AM

A critical vulnerability has been identified in Adobe Reader 9 and Acrobat 9 and earlier versions. This vulnerability would cause the application to crash and could potentially allow an attacker to take control of the affected system. There are reports that this issue is being exploited.

Adobe is planning to release updates to Adobe Reader and Acrobat to resolve the relevant security issue. Adobe expects to make available an update for Adobe Reader 9 and Acrobat 9 by March 11th, 2009. Updates for Adobe Reader 8 and Acrobat 8 will follow soon after, with Adobe Reader 7 and Acrobat 7 updates to follow. In the meantime, Adobe is in contact with anti-virus vendors, including McAfee and Symantec, on this issue in order to ensure the security of our mutual customers. A security bulletin will be published on http://www.adobe.com/support/security as soon as product updates are available.

Adobe categorizes this as a critical issue and recommends that users update their virus definitions and exercise caution when opening files from untrusted sources.

Source:
http://www.adobe.com/support/security/advisories/apsa09-01.html

One Response to “Zero day hole in Adobe Reader and Acrobat”

Shadowserver’s recommended mitigation is a reasonable idea: disable Javascript in the Acrobat client:

    Edit -> Preferences -> JavaScript and uncheck Enable Acrobat JavaScript

By manunkind on Feb 20, 2009
