Critical Zero-day Vulnerability in Adobe Reader

Critical Zero-day Vulnerability in Adobe Reader

Researchers at the Lockheed Martin Computer Incident Response Team (CRT) and members of the Defense Security Information Exchange informed Adobe that their products were being exploited by hackers.

The exploit affects all versions of Adobe Reader and Adobe Acrobat 9.x and higher, including Adobe Reader X and Adobe Acrobat X (10.1.1) for Windows, Macintosh, and UNIX.

“This U3D memory corruption vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system,” wrote Adobe in their incident report, explaining that this essentially a memory-corruption and privilege escalation exploit. “There are reports that the vulnerability is being actively exploited in the wild in limited, targeted attacks against Adobe Reader 9.x on Windows. Adobe Reader X Protected Mode and Acrobat X Protected View mitigations would prevent an exploit of this kind from executing.”

According to a blog post on the subject, Adobe has published that they are currently engineering a fix for the issue and expect to make it available for Windows version Adobe Reader 9.x and Acrobat 9.x no lager than December 12, 2011. Adobe Acrobat and Reader X have much more sufficient protected mode capabilities so Adobe believes that it is hardened enough to avoid the exploit, so a fix to that will not be coming until January 10, 2012.

Macintosh and UNIX will wait as they’re much more difficult to exploit. However, the exploit has already been seen active in the wild and it is expected that it’s being used by criminal and espionage organizations to attempt to infiltrate defense corporations and others.