Jump to content


Photo

Security Advisory for Adobe Reader and Acrobat


  • Please log in to reply
2 replies to this topic

#1 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 14 February 2013 - 09:18 PM

Security Advisory for Adobe Reader and Acrobat

Release date: February 13, 2012

Last updated: February 14, 2012

Vulnerability identifier: APSA13-02

CVE number: CVE-2013-0640, CVE-2013-0641

Platform: All Platforms

 

Summary

Adobe has identified critical vulnerabilities (CVE-2013-0640, CVE-2013-0641) in Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier for Windows and Macintosh, and Adobe Reader 9.5.3 for Linux.  These vulnerabilities could cause the application to crash and potentially allow an attacker to take control of the affected system. 

 

Adobe is aware of reports that these vulnerabilities are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message.

Adobe is in the process of working on a fix for these issues and will update this advisory when a date for the fix has been determined.

 

Mitigations

Users of Adobe Reader XI and Acrobat XI for Windows can protect themselves from this exploit by enabling Protected View. To enable this setting, choose the "Files from potentially unsafe locations" option under the Edit > Preferences > Security (Enhanced) menu.

 

Enterprise administrators can protect Windows users across their organization by enabling Protected View in the registry and propagating that setting via GPO or any other method. Further information about enabling Protected View for the enterprise is available here.

 

Read full Advisory: https://www.adobe.com/support/security/advisories/apsa13-02.html



#2 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 18 February 2013 - 04:32 AM

Advisory Update: February 16, 2013
 

Adobe is in the process of working on fixes for these issues and plans to make available updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux during the week of February 18, 2013.

 

https://www.adobe.co.../apsa13-02.html



#3 Chachazz

Chachazz

    Is GSF inventory

  • General Admin
  • 36,503 posts

Posted 20 February 2013 - 07:59 PM

Updates are now available - see the Security Bulletin published today:
https://www.adobe.co.../apsb13-07.html

 

For detailed Release Notes, please see the Enterprise Toolkit.

 

Windows downloads: https://www.adobe.co...latform=Windows

 

Mac downloads: https://www.adobe.co...tform=Macintosh

 

Unix downlaods: https://www.adobe.co...0&platform=Unix