Adobe has reported a “critical vulnerability” affecting both current and older versions of Adobe Reader and Acrobat on Windows, Mac OS X, and Unix operating systems. Adobe defines “critical” as “a vulnerability, which, if exploited would allow malicious native-code to execute, potentially without a user being aware.”
“This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system.”
The hack appears to have already been used against US research facilities and defense contractors.
This malware has been found by Lockheed Martin’s Computer Incident Response Team and MITRE.
In a blog post, Adobe’s director of product security Brad Arkin said, “We are planning to release an out-of-cycle security update for Adobe Reader and Acrobat 9.x for Windows no later than the week of December 12, 2011.”
The following versions have been found to be affected by the vulnerability:
- Adobe Reader X (10.1.1) and earlier 10.x versions for Windows and Macintosh
- Adobe Reader 9.4.6 and earlier 9.x versions for Windows, Macintosh and UNIX
- Adobe Acrobat X (10.1.1) and earlier 10.x versions for Windows and Macintosh
- Adobe Acrobat 9.4.6 and earlier 9.x versions for Windows and Macintosh