In a security bulletin, Adobe confirmed that these vulnerabilities could cause Reader and Acrobat in the accident, which could open the door for an attacker to take control of the system.
"Adobe is aware of reports that these vulnerabilities are exploited in the wild in targeted attacks designed to trick Windows users into clicking a malicious PDF file delivered in an email," the company revealed in the newsletter.
Adobe said it is currently working on a fix for the security issue and will update its report once a start has been programmed. In the meantime, Windows users of Adobe Reader and Acrobat XI XI can protect themselves against the security exploit by enabling protected mode as follows:
Open Reader or Acrobat. Click the Edit menu, select Preferences, then click the Security (or Enhanced Security) option. In protected mode section in the upper part of the window, click the button to activate the "Files from potentially unsafe locations", and then click OK.
The workaround above allows Windows users to Acrobat Reader and XI. But the fault itself affects several different versions of products, including:
Adobe Reader XI (11.0.01 and earlier versions) for Windows and Macintosh
Adobe Reader X (10.1.5 and earlier versions) for Windows and Macintosh
Adobe Reader 9.5.3 and earlier 9.x versions for Windows and Macintosh
Adobe Acrobat XI (11.0.01 and earlier versions) for Windows and Macintosh
Adobe Acrobat X (10.1.5 and earlier versions) for Windows and Macintosh
Adobe Acrobat 9.5.3 and earlier 9.x versions for Windows and Macintosh
The vulnerability was discovered by security firm FireEye, which explains how it is exploited by attackers:
A successful operation, it will drop two DLLs. The first DLL displays a fake error message and opens PDF lure, which is usually common in targeted attacks. The second DLL in turn decreases the return component, which refers to a remote domain.
FireEye added that he has worked with Adobe on this issue and agreed with the company not to publish all the technical details of the fault. The company also suggested that users of Reader and Acrobat PDF files not unknown for now....
