Adobe Warns of Critical Zero-Day Vulnerability in Reader and Acrobat Products

Found on Security Week on Wednesday, 07 December 2011

So far, there are reports that the vulnerability is being exploited in limited, targeted attacks against Adobe Reader 9.x on Windows. However, the bug also affects Adobe Reader and Acrobat 9.4.6 and earlier 9.x versions for UNIX and Macintosh computers, as well as Adobe Reader X (10.1.1) and Acrobat X (10.1.1) and earlier 10.x versions on Windows and Mac.

Patches for Windows and Mac users of Adobe Reader X and Acrobat X will come on the next quarterly update, scheduled for Jan. 10, 2012. The fix for Adobe Reader 9.x for UNIX will come Jan. 12 as well.

Acrobat Reader is an insane piece of bloatware. Being one of the main attack vectors and thanks to all its background processes and update tools, it should never be installed on any system. Let's not forget that it requires hundreds of megabytes of diskspace just to display a pdf. Something other tools do better while needing less than 10MB.

Browse all articles« Previous « » Next »