Adobe Updates Acrobat, Reader to Guard against Flash Zero-Day

Adobe is once again releasing software updates to address a zero-day vulnerability in Adobe Flash. Adobe already unleashed an updated version of Adobe Photoflash itself, merely today it is also cathartic updated versions of Acrobat and Reader which both rely on a endangered component part of Trashy.

The updates arrived sooner than expected, perhaps in response to new exploits in the wild. The Adobe security consultive explains, "In that location are reports that this vulnerability is existence actively exploited in the wild against some Adobe brick Flash Player, and Adobe Reader and Acrobat, as comfortably As via a Flash (.swf) file integrated in a Microsoft Word (.medico) Beaver State Microsoft Stand out (.xls) register delivered as an email attachment targeting the Windows chopine."

Adobe patched most versions of Acrobat and Reader to pay off Gaudy zip-day.

Qualys CTO Wolfgang Kandek describes the current threat in a recent blog post. Kandek says that the beady-eyed Good Book document file fastening typically has a legitimate sounding name to decoy users into opening it. Just, as before long as the victim opens the affixation, the Flash zero-day vulnerability is exploited to install a remote control agent, and and so a second Word document is opened which contains the real calm. The insidious theatrical role is that it every happens in the blink of an eye–much faster than most users would even notice.

I have acanthoid out that the similarities of the back to back cardinal-day flaws in Flash seems to suggest they are related, and suggest that perhaps Adobe rushed the patch thus much the starting time time around that it missed some key element of the vulnerability. Simply, an Adobe brick spokesperson masculine that the two Flash vulnerabilities are completely unrelates, explaining, "The two vulnerabilities existed in entirely divergent parts of the code and different ActionScript Virtual Machines (AVMs)."

The affected software includes Adobe Reader X (10.0.1) and earlier versions for Windows, Adobe Lector X (10.0.2) and earlier versions for Macintosh, and Adobe Acrobat X (10.0.2) and earlier versions for Windows and Macintosh. Users of these products are strongly encouraged to download and install the updated software every bit soon as possible.

Adobe brick is inactive material possession out for the diarrhoetic every quarter update cycle in June to patch the Windows translation of Adobe Reader X. Adobe states that the Protected Mode sandbox protection in Proofreader X for Windows wish prevent whatsoever exploit from executing, indeed it does not consider it a priority for developing an out-of-band update.