Adobe Proposes Mitigation for Critical Adobe Reader/Acrobat 9.3.4 Vulnerability

Article by George Norman (Cybersecurity Editor) on 13 Sep 2010

UPDATE September 14: Adobe announced that a fix will be issued during the week of October 4. Adobe also announced that Flash Player 10.1 is plagued by a critical vulnerability that also affects Adobe Reader and Adobe Acrobat. A patch for this issue will also be released during the week of October 4.

Last week Adobe announced that Adobe Reader 9.3.4 and earlier versions for Windows, Mac and UNIX, as well as Adobe Acrobat 9.3.4 and earlier versions for Windows and Mac, are plagued by a critical vulnerability that, if exploited by a person with malicious intent, could allow that person to crash the targeted system and even take control of it.

At the time, Adobe posted a security advisory online here, but the advisory did not say much. It simply said that the California-based company, which specializes in creating multimedia and creativity software products, is aware its products are plagued by a critical vulnerability and that it is working to issue a fix as soon as possible. In the advisory Adobe also said the vulnerability is being actively exploited in the wild.

Adobe has updated the advisory with a mitigation option for Windows users. Here’s what Adobe says in the advisory:

“Current exploits in the wild target the Windows platform. Customers using Adobe Reader or Acrobat 9.3.4 or earlier on Windows can utilize Microsoft's Enhanced Mitigation Evaluation Toolkit (EMET) to help prevent this vulnerability from being exploited. Note that due to the time-sensitive nature of this issue, testing of the functional compatibility of this mitigation has been limited. Therefore, we recommend that you also test the mitigation in your environment to minimize any impact on your workflows.”

Microsoft Security Research & Defense’s Fermin J. Serna and Andrew Roths posted a detailed article on how you can use EMET 2.0 to prevent the exploitation of the Adobe Reader and Adobe Acrobat vulnerability mentioned above. You can read it here.

Until Adobe releases an update for the critical, exploited-in-the-wild vulnerability that plagues Adobe Reader 9.3.4 and Adobe Acrobat 9.3.4, users are well advised to keep their security software applications up to date.

