Security Advisory - Adobe Reader / Acrobat

• 1Ovo se svidja korisniku: Sass Drake
  
  Registruj se da bi pohvalio/la poruku!

Citat:A critical vulnerability has been identified in Adobe Reader X (10.1.1) and earlier versions for Windows and Macintosh, Adobe Reader 9.4.6 and earlier 9.x versions for UNIX, and Adobe Acrobat X (10.1.1) and earlier versions for Windows and Macintosh. This vulnerability (CVE-2011-2462) could cause a crash and potentially allow an attacker to take control of the affected system. There are reports that the vulnerability is being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows.

Citat:Adobe categorizes this as a critical issue.

Citat:Adobe Reader X Protected Mode and Adobe Acrobat X Protected View would prevent an exploit of this kind from executing. To verify Protected View for Acrobat X is enabled, go to: Edit >Preferences > Security (Enhanced) and ensure "Files from potentially unsafe locations" or "All files" with "Enable Enhanced Security" are checked. To verify Protected Mode for Adobe Reader X is enabled, go to: Edit >Preferences >General and verify that "Enable Protected Mode at startup" is checked.

http://www.adobe.com/support/security/advisories/apsa11-04.html

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

Adobe je najavio da će pomenuti propust biti ispravljen u petak, 15. decembra za Adobe Reader i Acrobat 9.x za Windows.

Ispravka za ostale verzije programa (i operativne sisteme) će biti izdata 10. januara.

• 0Niko još nije pohvalio poruku.
  Registruj se da bi pohvalio/la poruku!

CVE-2011-4369 ::Unspecified vulnerability in the PRC component in Adobe Reader and Acrobat 9.x before 9.4.7 on Windows, Adobe Reader and Acrobat 9.x through 9.4.6 on Mac OS X, Adobe Reader and Acrobat 10.x through 10.1.1 on Windows and Mac OS X, and Adobe Reader 9.x through 9.4.6 on UNIX allows remote attackers to execute arbitrary code or cause a denial of service (memory corruption) via unknown vectors, as exploited in the wild in December 2011.

Adobe ::There have been reports of two critical vulnerabilities being actively exploited in limited, targeted attacks in the wild against Adobe Reader 9.x on Windows. These vulnerabilities (CVE-2011-2462, referenced in Security Advisory APSA11-04, and CVE-2011-4369) could cause a crash and potentially allow an attacker to take control of the affected system.

I ovaj propust, kao i prethodni, je ispravljen u ažuriranju na v9.4.7 za Windows; ostale verzije i verzije za ostale operativne sisteme će biti ažurirane u januaru.


Source: National Vulnerability Database & Adobe Systems Incorporated.