Feeds

Adobe kills two actively exploited bugs in Reader

Unscheduled update coming to Windows machine near you

Top 5 reasons to deploy VMware with Tegile

Adobe has released updates for its Reader and Acrobat applications that fix two vulnerabilities that attackers were exploiting to seize control of Windows-based machines.

Version 9.4.7 of the programs fix two memory-corruption bugs that Adobe says are “being actively exploited in limited, targeted attacks in the wild” against machines running Windows. The same bugs are present in Mac and Unix versions of the applications, but there are no reports of machines running them being exploited. The bugs are also present in Reader X for Windows, but a security sandbox, which Adobe added last year to minimize the damage that results from code flaws, prevents the attacks from working.

As a result, those versions will be updated next month, during a regularly scheduled patch release.

Adobe warned of the attacks earlier this month in an advisory that credited military contractor Lockheed Martin and the Defense Security Information Exchange. A day later, researchers from antivirus provider Symantec warned that email-born attacks exploiting the flaw to install the Backdoor.Sykipot were detected as early as November 1. The vulnerability in the U3D, or Universal 3D, file format is identified as CVE-2011-2462.

On Friday, Adobe said a second vulnerability – in an RPC, or remote procedure call, component – was also under attack. It's identified as CVE-2011-4369. Adobe representatives provided no other details of the vulnerability, except to say they are “only aware of one instance” of it being used. ®

Remote control for virtualized desktops

More from The Register

next story
Knock Knock tool makes a joke of Mac AV
Yes, we know Macs 'don't get viruses', but when they do this code'll spot 'em
Feds seek potential 'second Snowden' gov doc leaker – report
Hang on, Ed wasn't here when we compiled THIS document
Why weasel words might not work for Whisper
CEO suspends editor but privacy questions remain
DEATH by PowerPoint: Microsoft warns of 0-day attack hidden in slides
Might put out patch in update, might chuck it out sooner
BlackEnergy crimeware coursing through US control systems
US CERT says three flavours of control kit are under attack
prev story

Whitepapers

Why cloud backup?
Combining the latest advancements in disk-based backup with secure, integrated, cloud technologies offer organizations fast and assured recovery of their critical enterprise data.
Getting started with customer-focused identity management
Learn why identity is a fundamental requirement to digital growth, and how without it there is no way to identify and engage customers in a meaningful way.
High Performance for All
While HPC is not new, it has traditionally been seen as a specialist area – is it now geared up to meet more mainstream requirements?
New hybrid storage solutions
Tackling data challenges through emerging hybrid storage solutions that enable optimum database performance whilst managing costs and increasingly large data stores.
Mitigating web security risk with SSL certificates
Web-based systems are essential tools for running business processes and delivering services to customers.