Adobe Reader and Adobe Acrobat zero-day flaws to be fixed this week

News 18 Feb, 2013

Adobe Reader and Adobe Acrobat will be patched in the coming days.

Software giant Adobe has confirmed that a software patch will be released this week to fix two security vulnerabilities in its Reader and Acrobat software.

As reported by IT Pro last week, security flaws were recently found in several versions of Adobe Reader and Adobe Acrobat that experts feared could be used to carry out targeted attacks on Mac and PC users.

Security vendor, FireEye, discovered the vulnerabilities and claimed they were already being exploited in the wild.

The vulnerabilities, which are identified as critical in a security advisory on Adobe's website, can cause applications to crash and puts the system at a higher risk for infiltration by attackers.

"Adobe is aware of reports that these vulnerabilities are being exploited in the wild in targeted attacks designed to trick Windows users into clicking on a malicious PDF file delivered in an email message," a section of the Adobe advisory read.

However, in a follow-up advisory published over the weekend, Adobe confirmed that it plans to roll out an update that will fix the security holes later this week.

In the meantime, Adobe has advised users to take proper security precautions until the updates are released. They have also been advised not to open PDF documents from unknown sources.

"Users of Adobe Reader XI and Acrobat XI for Windows can protect themselves from this exploit by enabling Protected View," the advisory added.

"To enable this setting, choose the 'Files from potentially unsafe locations' option under the Edit > Preferences > Security (Enhanced) menu," it continued.