So, remember when Adobe crashed and you thought it was simply because it was a stupid program and too bloated for its own good? (Or was that just me.) Well, turns out, the very same crash could be the result of a flaw that could allow an attacker to take control of your system.
Adobe wrote in a blog post that the “critical vulnerability” is present in both Mac and Windows versions of its software, from the most recent versions of Adobe Acrobat and Reader (Adobe Acrobat/Reader X) and below. For UNIX users, its from Adobe Reader 9.4.6 and below. Those running Adobe Reader for Android are not affected, and Adobe Flash is unaffected by this vulnerability.
“There are reports that the vulnerability is being actively exploited in the wild in limited, targeted attacks against Adobe Reader 9.x on Windows,” it said.
While Adobe 9.x for Windows users will see an immediate update sometime next week, those running Adobe Reader X will have to wait until the next quarterly security update (January 10, 2012) because of its new “Protected Mode”. Mac and UNIX users will also have to wait for the security update – so I’m assuming Adobe also believes the old “Macs don’t get viruses” belief.