Adobe to release zero-day fixes for Reader and Acrobat

Adobe is scheduled to release updates to Acrobat and Reader that address a zero-day flaw in the software that could allow an attacker to take control of an affected system.

Topher Kessler MacFixIt Editor
Topher, an avid Mac user for the past 15 years, has been a contributing author to MacFixIt since the spring of 2008. One of his passions is troubleshooting Mac problems and making the best use of Macs and Apple hardware at home and in the workplace.

In early December, Adobe issued a security bulletin regarding new zero-day PDF-based attacks that took advantage of flaws in its Reader and Acrobat programs, allowing a hacker to crash the program and take control of the system.

The flaw was initially found to be in Reader and Acrobat versions 9.4.6 and X (10.1.1) on all supported platforms, with a similar flaw later being found in Adobe's Flash Player, though in its security bulletin Adobe claims this is not the same issue as those in Reader and Acrobat.

Although the flaw is present on multiple platforms and in multiple software versions, Adobe claimed it was only being actively exploited in the Windows versions of Acrobat and Reader. As a result, and because version 10.1.1 of the software contains enhanced security options that thwart the exploit, Adobe only issued immediate updates for version 9.4.2 of Reader and Acrobat for Windows.

The company claimed that it would address the flaw in other versions of its software by releasing updates on January 10, 2012, so if you use these software packages from Adobe, be aware that an update will likely be made available today. When the updates are released, they can be obtained from Adobe's product update downloads page, and will also be available via the Adobe Update Manager program if you have that installed.

Until these updates are released, if you are using Acrobat X or Reader X (version 10 or above), you can protect against this flaw by enabling the program's enhanced security options: open the program's preferences, select the "Security (enhanced)" section, and check the "Enable Enhanced Security" option. Even after applying patches that correct this latest problem, it may be a good idea to keep these enhanced security measures enabled.

UPDATE (Jan 10, 2012, 2:07pm): Adobe has released a security bulletin update and release notes outlining and confirming the release of the updates today.