Virtual Event Now Live: Zero Trust Strategies Summit! - Login for Access
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Vulnerabilities

Adobe to Patch Critical Vulnerabilities in Reader, Acrobat This Week

Last week, security researchers from FireEye identified a PDF zero-day that was being used in targeted attacks. Shortly after, Adobe confirmed the existence of two critical vulnerabilities in Adobe Reader and Acrobat XI for Windows and Macintosh that were being exploited in active attacks.

Last week, security researchers from FireEye identified a PDF zero-day that was being used in targeted attacks. Shortly after, Adobe confirmed the existence of two critical vulnerabilities in Adobe Reader and Acrobat XI for Windows and Macintosh that were being exploited in active attacks.

On Saturday, Feb. 16, Adobe said that a patch is scheduled to be released this week to resolve the two vulnerabilities, CVE-2013-0640 and CVE-2013-0641.

The exploits were seen in extremely targeted attacks against high profile targets, and were sophisticated effort that appear to be the first to successfully escape Adobe’s “protected mode” sandbox.

“Adobe plans to make available updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux during the week of February 18, 2013,” the software maker wrote in an updated security advisory. 

Following the discovery of the targeted attacks by FireEye, the C&C server connected to this particular campaign has gone offline. The command and control server was hard-coded (fixed) in the malware used, and was hosted at a European web hosting provider before being taken offline.

Enterprise administrators can protect Windows users across their organization by enabling Protected View in the registry and propagating that setting via GPO or any other method, Adobe said. More information on mitigation via protected view can be found here

Written By

For more than 15 years, Mike Lennon has been closely monitoring the threat landscape and analyzing trends in the National Security and enterprise cybersecurity space. In his role at SecurityWeek, he oversees the editorial direction of the publication and is founder and director of several leading cybersecurity industry conferences around the world.

Click to comment

Trending

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join SecurityWeek and Hitachi Vantara for this this webinar to gain valuable insights and actionable steps to enhance your organization's data security and resilience.

Register

Event: ICS Cybersecurity Conference

The leading industrial cybersecurity conference for Operations, Control Systems and IT/OT Security professionals to connect on SCADA, DCS PLC and field controller cybersecurity.

Register

People on the Move

Nupur Goyal has joined cloud identity security and management solutions provider Saviynt as VP of Product Marketing.

Threat intelligence firm Intel 471 has appointed Mark Huebeler as its COO and CFO.

Omkhar Arasaratnam, former GM at OpenSSF, is LinkedIn's first Distinguised Security Engineer

More People On The Move

Expert Insights

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest cybersecurity news, threats, and expert insights. Unsubscribe at any time.