Adobe Systems has closed security holes in its software by releasing updates for its Reader and Acrobat applications. Those vulnerabilities were being exploited to take control of Windows-based devices at companies in the defense industry.
Adobe says that version 9.4.7 of the programs fixes two memory corruption bugs. The updates can be installed by selecting Help and going to Check for updates in the software. Manual downloads for Reader 9.4.7 and Acrobat 9.4.7 are also available.
The initial problem was a memory corruption that occurs when processing Universal 3D (U3D) files, enabling attackers to take control of the affected system. The newly released patches also address the recently revealed critical flaw (CVE-2011-4369), which can result in memory corruption while processing Product Representation Compact (PRC) 3D files.
Adobe has stated that “there is no immediate risk to the Adobe Reader and Acrobat X for Windows (with Protected Mode/Protected View enabled), Adobe Reader and Acrobat X or earlier versions for Macintosh, and Adobe Reader 9.x for UNIX based on the current exploits and historical attack patterns.” Fixed versions of those applications will be released as a part of the next quarterly security update on January 10, 2012.
To check that protection is enabled in Acrobat X, a user should go to Edit > Preferences > Security (Enhanced) and make sure that “Enable Enhanced Security” is checked along with either “Files from potentially unsafe locations” or “All files”. Adobe Reader X users should go to Edit > Preferences > General and ensure that “Enable Protected Mode at startup” is checked.