Adobe Releases Emergency Patch for Adobe Reader

Adobe has released its emergency patch after a string of events in the past nearly ten days on dealing with a zero-day vulnerability. This was originally reported by FireEye in a blog post.

The FireEye blog stated the following:
“Upon successful exploitation, it will drop two DLLs. The first DLL shows a fake error message and opens a decoy PDF document, which is usually common in targeted attacks. The second DLL in turn drops the callback component, which talks to a remote domain.”

After that was published, the FireEye researchers sent the bug report & sample to Adobe. Soon after, Adobe released a notification that there is a problem.

Eventually, Adobe detailed this past weekend that a patch would be available next week…well it’s here.

Adobe released its patch yesterday, in efforts to remediate the situation.

According to Adobe, the following versions are now available:

  •  Users of Adobe Reader XI (11.0.01 and earlier) for Windows and Macintosh should update to Adobe Reader XI (11.0.02).
  •  For users of Adobe Reader X (10.1.5 and earlier) for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.02), Adobe has made available the update Adobe Reader X (10.1.6).
  •  For users of Adobe Reader 9.5.3 and earlier 9.x versions for Windows and Macintosh, who cannot update to Adobe Reader XI (11.0.02), Adobe has made available the update Adobe Reader 9.5.4.
  •  Users of Adobe Reader 9.5.3 and earlier 9.x versions for Linux should update to Adobe Reader 9.5.4.
  •  Users of Adobe Acrobat XI (11.0.01 and earlier) for Windows and Macintosh should update to Adobe Acrobat XI (11.0.02).
  •  Users of Adobe Acrobat X (10.1.5 and earlier) for Windows and Macintosh should update to Adobe Acrobat X (10.1.6).
  •  Users of Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh should update to Adobe Acrobat 9.5.4.

 

Advertisements

Tags: , , , , , , , , , , ,

About Jay Pfoutz

Marketer
%d bloggers like this: