(LiveHacking.Com) – Adobe has published a security advisory for Adobe Reader and Acrobat detailing a “critical” vulnerability which when exploited can cause a crash and potentially allow an attacker to take control of the affected system. There are also reports that this vulnerability is being actively exploited on the Internet, specifically against Adobe Reader 9.x on Windows.
The vulnerability, which affects Adobe Acrobat X and Adobe Reader X and earlier versions for Windows and Macintosh, and Adobe Reader 9.x versions for UNIX, is in the Universal 3D (U3D) processing. U3D is a compressed file format standard for 3D computer graphics data which is natively supported by PDF. A U3D memory corruption causes the vulnerability and can allow an attacker to take control of the affected system.
Adobe Reader X using Protected Mode and Adobe Acrobat X using Protected View are not vulnerable. Therefore Adobe will release a fix for Adobe Reader 9.x and Acrobat 9.x for Windows no later than the week of December 12, 2011. However, Adobe Reader X and Adobe Acrobat X will be updated in the next quarterly security update which is currently scheduled for January 10, 2012 when the Mac and UNIX versions will also be updated.
According to Brad Arkin, the Senior Director for Product Security and Privacy at Adobe, the rationale behind releasing a hot fix only for Adobe Reader and Acrobat 9.4.6 on Windows is that “this is the version and platform currently being targeted.”
“All real-world attack activity, both in this instance and historically, is limited to Adobe Reader on Windows. We have not received any reports to date of malicious PDFs being used to exploit Adobe Reader or Acrobat for Macintosh or UNIX for this CVE (or any other CVE)” he wrote.
It is therefore essential that Adobe Reader X and Adobe Acrobat X users verify that they are using Protected View / Mode.
- To verify Protected View for Acrobat X is enabled, go to: Edit >Preferences > Security (Enhanced) and ensure “Files from potentially unsafe locations” or “All files” with “Enable Enhanced Security” are checked.
- To verify Protected Mode for Adobe Reader X is enabled, go to: Edit >Preferences >General and verify that “Enable Protected Mode at startup” is checked.