Friday, October 9, 2009

Zero-Day Attacks Exploit Reader, Acrobat Vulnerabilities

What's happening: Adobe has issued an alert that cyber-criminals are exploiting several vulnerabilities in their Reader and Acrobat programs for which Adobe does not yet have patches.

What it means: Until these vulnerabilities are patched, users of Acrobat & Reader are at-risk of having cyber-criminals take control of their computers.

What to do: Inform staff to be wary of opening unexpected PDFs sent sent via email or PDFs downloaded from the internet. Alert IT staff to be prepared to install patches when they become available. Consider replacing your current anti-malware solution with a host intrusion prevention solution.

**********************************
From Brian Krebs; Washington Post: Adobe Warns of Critical Threat to Reader, Acrobat Users

Adobe Systems Inc. late Thursday issued an alert saying that hackers are exploiting a newly-discovered vulnerability in its free PDF Reader and Acrobat products to break into Microsoft Windows systems.

http://voices.washingtonpost.com/securityfix/2009/10/adobe_warns_of_critical_threat.html