21 Feb 2013

Adobe Reader and Acrobat Strapped With Security Update

Two critical vulnerabilities in Adobe Reader and Adobe Acrobat were addressed in a security update that promises to close the hole that enabled attackers to escape the Adobe sandbox.

Known as CVE-2013-0640 and CVE-2013-0641, the two vulnerabilities enabled an attacker to escape the sandbox and assume full control over a targeted machine. Affecting several Adobe Reader and Acrobat versions, the flaws were already included in some of the most popular exploit packs.

“Adobe has released security updates for Adobe Reader and Acrobat XI (11.0.01 and earlier) for Windows and Macintosh, X (10.1.5 and earlier) for Windows and Macintosh, 9.5.3 and earlier 9.x versions for Windows and Macintosh, and Adobe Reader 9.5.3 and earlier 9.x versions for Linux,” reads the Adobe security bulletin. “These updates address vulnerabilities that could cause a crash and potentially allow an attacker to take control of the affected system.”

The memory corruption and buffer overflow vulnerabilities that enable remote code execution were already encountered in the wild starting earlier this month, according to the CVE (Common Vulnerabilities and Exposures) advisory.

Users who haven’t updated to the latest build are urged to either use the built-in updater or update from the official website.