Adobe are facing more software troubles: malicious code is exploiting a flaw in their software. The flaw allows an attacker to crash Adobe Reader and Acrobat and take control of the machine. Adobe plan to release an update by next week for Windows-based systems only.
Brad Arkin, senior director of product security and privacy for Adobe, said in a blog post: “The reason for addressing this issue quickly for Adobe Reader and Acrobat 9.4.6 for Windows is simple: This is the version and platform currently being targeted. All real-world attack activity, both in this instance and historically, is limited to Adobe Reader on Windows. We have not received any reports to date of malicious PDFs being used to exploit Adobe Reader or Acrobat for Macintosh or UNIX for this CVE (or any other CVE).”
People who are using Adobe Reader or Acrobat 9, or older versions, should immediately update to Adobe Reader or Acrobat X, which are safe from the exploit due to the ‘Protected Mode’ and ‘Protected View’ features. Their advisory can be read here. The next scheduled security update is set for January 10th 2012.
He added: “The risk to Macintosh and UNIX users is significantly lower. We are therefore planning to address this issue in Adobe Reader and Acrobat X and earlier versions for Macintosh as part of the next quarterly update on January 10, 2012. An update to address this issue in Adobe Reader 9.x for UNIX is planned for January 10, 2012.”
In 2009, Adobe earned the title of ‘most hacked software of the year’ when malicious PDF files accounted for more than 80% of all exploits in the year. Other analysts recommend alternative PDF software such as Foxit Reader and Nitro Reader, or even the Chrome PDF viewer plug-in.