Security

Adobe working on fix for ‘critical’ vulnerability in Reader and Acrobat

NOTE: GrowthBeat -- VentureBeat's provocative new marketing-tech event -- is a week away! We've gathered the best and brightest to explore the data, apps, and science of successful marketing. Get the full scoop here, and grab your tickets while they last.

If you’re running Adobe Acrobat or Reader, you might not want to open any PDFs unless you trust the sender. Adobe confirmed that hackers are currently exploiting a hole in the two programs, using PDFs to trick people into giving them full access to their computers.

The hole was revealed yesterday after security firm FireEye discovered it and reported it to Adobe. Adobe released a statement yesterday and updated it today to say that it is aware of the vulnerabilities and is currently working on a fix. The company went on to call the holes “critical” and confirmed that hackers are specifically using this attack to gain full control of your computer. Once in, they’d be able to access all your information, and if you’re a business, it could be an entry way into the broader network.

The vulnerability touches Adobe Reader XI, versions 11.0.01 and earlier; Reader X, 10.1.5 and earlier; Reader 9.5.3 (and earlier versions only for those Reader versions beginning with 9.x). All those versions affect both Windows and Macs except for the last, which also hits Linux. As far as Adobe Acrobat goes, it affects Acrobat XI, version 11.0.01 and earlier; X, versions 10.1.5 and earlier; and Acrobat 9.5.3, with all versions within the 9.x scheme also affected. Both Mac and Windows programs are hit here as well.

Aside from not opening PDFs, Adobe suggests Windows users protect themselves by using “Protected View.” You can set up Protected View by heading over to the Edit tab and going into Preferences, then Security (Enhanced) menu to turn it on.

Adobe has not yet said when it will release a fix.

Adobe image via midiman/Flickr


We're studying digital marketing compensation: how much companies pay CMOs, CDOs, VPs of marketing, and more, with ChiefDigitalOfficer. Help us out by filling out the survey, and we'll share the results with you.